Configuring Global IS-IS Parameters
This section describes the commands you can use to globally configure optional IS-IS parameters.
In the following command guidelines, many parameters are preset to a default value. Use the no version of those commands to restore default values.
Setting Authentication Passwords
You can configure simple authentication or HMAC MD5 authentication for either an area or a domain.
area-authentication-key
- Use to specify a password used by neighboring routers for authentication of IS-IS level 1 LSPs, CSNPs, and PSNPs.
- Issuing this command enables simple authentication of level 1 LSPs only. To enable simple authentication of level 1 CSNPs or PSNPs, use the area-authentication command.
- You can specify whether the key is entered in unencrypted or encrypted format. If you do not specify which, the string is assumed to be unencrypted.
- Examplehost1(config-router)#area-authentication-key 0 bigtree
- Use the no version to delete the password.
- See area-authentication-key
area-message-digest-key
- Use to configure HMAC MD5 authentication for an area.
- Generates a secure, encrypted message digest of level 1 packets (LSPs, CSNPs, and PSNPs) and inserts the digest into the packet from which it is created.
- Issuing this command enables MD5 authentication of level 1 LSPs only. To enable MD5 authentication of level 1 CSNPs or PSNPs, use the area-authentication command.
- You can specify whether the key is entered in unencrypted or encrypted format. If you do not specify which, the string is assumed to be unencrypted.
- Example host1(config-router)#area-message-digest-key 1 hmac-md5 kd4s8hnEK
- Use the no version to delete the MD5 key specified by the key ID.
- See area-message-digest-key
domain-authentication-key
- Use to specify a password used by neighboring routers for authentication of IS-IS level 2 LSPs, CSNPs, and PSNPs.
- Issuing this command enables simple authentication of level 2 LSPs only. To enable simple authentication of level 2 CSNPs or PSNPs, use the domain-authentication command.
- You can specify whether the key is entered in unencrypted or encrypted format. If you do not specify which, the string is assumed to be unencrypted.
- Examplehost1(config-router)#domain-authentication-key 8 4kl6n39us
- Use the no version to delete the password.
- See domain-authentication-key
domain-message-digest-key
- Use to configure HMAC MD5 authentication for a domain.
- Generates a secure, encrypted message digest of level 2 packets (LSPs, CSNPs, and PSNPs) and inserts the digest into the packet from which it is created.
- Issuing this command enables MD5 authentication of level 2 LSPs only. To enable MD5 authentication of level 2 CSNPs or PSNPs, use the domain-authentication command.
- You can specify whether the key is entered in unencrypted or encrypted format. If you do not specify which, the string is assumed to be unencrypted.
- Example host1(config-router)#domain-message-digest-key 4 hmac-md5 4bFjt7es
- Use the no version to delete the MD5 key specified by the key ID.
- See domain-message-digest-key
Configuring Authentication of CSNPs and PSNPs
You must enable and disable authentication of CSNP packets and PSNP packets separately from authentication of LSP packets.
area-authentication
- Use to enable or disable (suppress) simple authentication or HMAC MD5 authentication of IS-IS level 1 CSNP packets or PSNP packets.
- When authentication is enabled, it uses either the simple text password specified by the area-authentication-key command, or the HMAC MD5 key specified by the area-message-digest-key command.
- You must specify either the csnp keyword to enable authentication of level 1 CSNP packets, or the psnp keyword to enable authentication of level 1 PSNP packets.
- Examplehost1(config-router)#area-authentication csnp
- Use the no version to restore the default behavior, in which authentication of level 1 CSNPs and PSNPs is disabled. When authentication of level 1 CSNPs or PSNPs is suppressed, the router does not authenticate these packets when it receives them, nor does it send authentication information in these packets when it transmits them.
- See area-authentication
domain-authentication
- Use to enable or disable (suppress) simple authentication or HMAC MD5 authentication of IS-IS level 2 CSNP packets or PSNP packets.
- When authentication is enabled, it uses either the simple text password specified by the domain-authentication-key command, or the HMAC MD5 key specified by the domain-message-digest-key command.
- You must specify either the csnp keyword to enable authentication of level 2 CSNP packets, or the psnp keyword to enable authentication of level 2 PSNP packets.
- Examplehost1(config-router)#domain-authentication csnp
- Use the no version to restore the default behavior, in which authentication of level 2 CSNPs and PSNPs is disabled. When authentication of level 2 CSNPs or PSNPs is suppressed, the router does not authenticate these packets when it receives them, nor does it send authentication information in these packets when it transmits them.
- See domain-authentication
Configuring Redistribution
You can specify how IS-IS redistributes routes received from other routing protocols, redistributes routes according to new policies, and controls redistribution of routes with access lists and route maps.
Optionally, when you issue the redistribute command and specify a route map, you can use the map to set a route tag for a route redistributed from another protocol to IS-IS. Make sure the route map you specify includes the set tag command that defines a tag value for the routes destined for IS-IS. For details about configuring and using route maps, see JunosE IP Services Configuration Guide.
To redistribute IPv6 routes, issue the redistribute command from within the IS-IS IPv6 address family.
access-list
route-map
- Use the access-list command to create a standard or extended access list.
- Use the route-map command to create a route map.
- For detailed information about configuring access lists and route maps, see JunosE IP Services Configuration Guide.
- Example—For IP route redistribution the access list
filters IP routes; for IPv6 route redistribution, the access list
must filter IPv6 routes.
- Configure three static routes:host1(config)#ip route 10.20.20.0 255.255.255.0 192.168.1.0 host1(config)#ip route 10.20.21.0 255.255.255.0 192.168.1.0 host1(config)#ip route 10.21.0.0 255.255.255.0 192.168.1.0
- Configure an access list with filters on routes 10.20.20.0/24
and 10.20.21.0/24:host1(config)#access-list boston permit 10.20.0.0 0.0.255.255
- Configure a route map that matches the previous access
list and applies an internal metric type:host1(config)#route-map 1 host1(config-route-map)#match ip address 1 host1(config-route-map)#set metric-type internal
- Configure redistribution into IS-IS of the static routes
with route map 1:host1(config)#router isis testnet host1(config-router)#redistribute static ip route-map 1
- Use the show isis database command to verify the effect of the redistribution (that two static
routes matching the route map are redistributed as level 2 internal
routes):
host1#show isis database detail l2 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL 0000.0000.6666.00-00 0x000002B7 0x3E1F 1198 0/0/0 Area Address: 47.0005.80FF.F800.0000.0001.0001 NLPID: 0xcc IP Address: 192.168.1.105 Metric: 10 IS 0000.0000.6666.01 Metric: 10 IS 0000.0000.3333.00 Metric: 10 IS 0000.0000.7777.00 Metric: 30 IP 10.20.21.0 255.255.255.0 Metric: 30 IP 10.20.20.0 255.255.255.0
- Configure three static routes:
- Use the no version of the access-list command to remove the access list or the specified entry in the access list.
- Use the no version of the route-map command to remove an entry.
- See access-list
- See route-map
clear ip isis redistribution
clear isis ipv6
redistribution
- Use to clear all the routes that have been previously redistributed into IS-IS and to redistribute them using the current policy configured. Use the IP version to redistribute IP routes. Use the IPv6 version to redistribute IPv6 routes.
- Use when you have made changes to route maps or access lists that affect how routes are redistributed to IS-IS.
- Examplehost1#clear ip isis redistribution
- There is no no version.
- See clear ip isis redistribution
- See clear isis ipv6 redistribution
disable-dynamic-redistribute
- Use to halt the dynamic redistribution of routes that are initiated by changes to a route map.
- Dynamic redistribution is enabled by default.
- Examplehost1(config-router)#disable-dynamic-redistribute
- Use the no version to reenable dynamic redistribution.
- See disable-dynamic-redistribute
redistribute
- Use to redistribute routes from other routing protocols in the routing table to IS-IS. IS-IS advertises these routes as level 1 only, level 2 only, or both. Level 2 only is the default.
- To redistribute IPv6 routes, you must issue the command from within the IS-IS IPv6 address family.
- The default is no source protocol defined for redistribution.
- This command can accomplish the same results as the passive-interface command by redistributing a connected route to level 1.
- Optionally, you can specify a route map and use it to set a route tag for routes redistributed to IS-IS.
- Example 1—Redistributing static IP routes with a
route map host1(config-router)#redistribute static ip route-map 10
- Example 2—Redistributing IPv6 routes from OSPF into
IS-IS level 1 and level 2 host1(config-router-af)#redistribute ospf level-1-2
- Use the no version to disable redistribution.
- See redistribute
Redistributing Routes Between Levels
The two-level routing hierarchy of IS-IS can lead to suboptimal path selection in certain situations. Because a level 1 router by default has knowledge only of level 1 routes, traffic from a level 1 router to a router in another area passes through the nearest level 1-2 router as its next hop. Consider the topology shown in Figure 20.
Figure 20: Example of Level 1 and Level 2 Routing

In this example, Router 4 in Area 1 considers Router 2 to be its next hop for interarea traffic, and Router 5 considers Router 3 to be its next hop for interarea traffic. Traffic from Router 4 to Router 8 passes through Router 2, requiring a total of five hops to the destination: Routers 2, 1, 3, 9, and 8. Similarly, five hops are required for traffic from Router 5 to Router 7.
Neither of these paths is optimal. For example, it would be shorter for traffic from Router 4 to take the four-hop path: Routers 5, 3, 9, and 8.
You can configure IS-IS to redistribute routes between the routing levels; this is sometimes known as route leaking between levels. The redistribute isis ip command enables you to specify a route filter (an access list) and the direction of leakage, as shown in the following example:
When you issue the redistribute isis ip command and include the route-map keyword, you can use the map to set a route tag for a route redistributed from one IS-IS level to another. Make sure the route map you specify includes the set tag command that defines a tag value for the IS-IS routes to be redistributed. For details about configuring and using route maps, see JunosE IP Services Configuration Guide.
To redistribute IPv6 routes from one IS-IS level to another, use the redistribute isis command from within the IS-IS IPv6 address family.
redistribute isis
- Use to redistribute IS-IS IPv6 routes from level 1 to level 2 or from level 2 to level 1.
- Use the route-map keyword to specify the route map to be applied. You can use the route map to set a route tag for redistributed routes.
- Examplehost1(config-router-af)#redistribute isis level-1 into level-2
- Use the no version to stop redistribution of IPv6 routes between the specified levels.
- See redistribute isis
redistribute isis ip
- Use to redistribute IS-IS IP routes from level 1 to level 2 or from level 2 to level 1.
- Specify one of the following:
- Use the distribute-list keyword to specify the IP access list used to filter routes between levels. Issue the access list command to create a route filter to apply to the redistribution.
- Use the route-map keyword to specify the route map to be applied. You can use the route map to set a route tag for redistributed routes.
- Example 1—Redistributes IS-IS IP routes between
levels, filtered by an access list.host1(config-router)#redistribute isis ip level-1 into level-2 distribute-list leakList
- Example 2—Redistributes IS-IS IP routes between
levels, filtered by a route map.host1(config-router)#redistribute isis ip level-2 into level-1 route-map boston01
- Use the no version to stop redistribution of IP routes between the specified levels.
- See redistribute isis ip
Advertising IPv4 and IPv6 Prefixes of Passive Interfaces
Convergence is the process in which all routers in a network calculate the optimal routes for the network. Whenever there is any change in network topology, routing update messages flood the network to enable the routers to recalculate optimal routes, which increases network convergence time. You can configure IS-IS to advertise IPv4 and IPv6 prefixes that belong to only passive interfaces and exclude prefixes of connected networks from the LSP. This feature reduces network convergence time between two integrated IS-IS systems by allowing only connected passive interfaces to be advertised.
Enabling the advertisement of passive interfaces feature causes only connected passive IPv4 and IPv6 prefixes to be retained in the LSP database. All other entries are removed from the LSP database. However, redistributed routes are maintained without any modification. Disabling this feature restores all the entries in the LSP database, thus allowing all IP prefixes to be advertised.
advertise-passive-only
- Use to advertise IPv4 and IPv6 prefixes that belong to only passive interfaces.
- The default value is disabled.
- Use the show isis database detail command to verify the displayed IPv4 and IPv6 prefixes.
- Example 1: To configure advertisement of IPv4 prefixes,
do the following:
- Specify an IS-IS routing process and access Router Configuration
mode.host1(config)#router isis host1(config-router)#
- Configure advertisement of only passive interfaces.host1(config-router)#advertise-passive-only
- Exit Router Configuration mode.host1(config-router)#exit
- (Optional) Access Privileged Exec mode and verify the
advertised IPv4 prefixes.host1(config)#exit host1#show isis database detail
- Specify an IS-IS routing process and access Router Configuration
mode.
- Example 2: To configure advertisement of IPv6 prefixes,
do the following;
- Specify an IS-IS routing process and access Router Configuration
mode.host1(config)#router isis R2
- Access Address Family Configuration mode for IPv6 prefixes.host1(config-router)#address-family ipv6
- Configure advertisement of only passive interfaces.host1(config-router-af)#advertise-passive-only
- Exit the Address Family Configuration and Router Configuration
modes.host1(config-router-af)#exit host1(config-router)#exit
- (Optional) Access Privileged Exec mode and verify the
advertised IPv6 prefixes.host1(config)#exit host1#show isis database detail
- Specify an IS-IS routing process and access Router Configuration
mode.
- Use the no version to disable the command.
- See advertise-passive-only
Controlling Granularity of Routing Information
You can force the distribution of level 2 routing information to level 1 routers in other areas to improve the quality of the resulting routes, but at the cost of reduced scalability.
distribute-domain-wide
- Use to increase the granularity of routing information within a domain.
- Domainwide prefix distribution enables a routing domain running with both level 1 and level 2 IS-IS routers to distribute IP prefixes from level 2 to level 1 between areas.
- The major advantage for using domainwide prefix distribution is to improve the quality of the resulting routes within a domain by distributing more specific information.
- The major disadvantage of using domainwide prefix distribution is that it affects the scalability of IS-IS. When used, it increases the number of prefixes throughout the domain, causing increased memory consumption, transmission requirements, and computation requirements throughout the domain.
- A trade-off decision must be made between scalability and optimality.
- Issue this command from within the IS-IS IPv6 address family to increase the granularity of IPv6 routing information within a domain.
- Examplehost1(config-router)#distribute-domain-wide
- Use the no version to halt the distribution of routes from level 2 to level 1.
- See distribute-domain-wide
Configuring a Global Default Metric
You can use the metric command to specify a global default metric that applies to all active IS-IS interfaces. This command enables you to avoid configuring the desired metric on each active interface individually when you want all IS-IS interfaces to have the same metric, but a different value than the individual default of 10. The global default metric applies to both level 1 and level 2 interfaces unless you restrict it to one level.
If you have configured a nondefault metric on any IS-IS interface with the isis metric command, that value overrides the global default metric.
Reference bandwidth takes precedence over both individual and global default metrics. If you have configured a reference bandwidth, the metric command has no effect on interface metrics,
You can use the following commands to verify configuration of the global default metric:
- show configuration
- show clns interface
- show clns protocol
- show isis database detail
metric
- Use to apply the same default metric value to all active IS-IS interfaces. The command affects both IPv4 and IPv6 interfaces.
- Specify whether the command applies to level 1 or level 2 interfaces. If you do not specify a level, then the metric is applied to both level 1 and level 2 interfaces.
- Example host1(config-router)#metric 50 level-1
- Use the no version to remove the global default value. This restores the default value of 10 to all active IS-IS interfaces except for interfaces that have been individually configured with another metric value.
- See metric
Configuring Metric Type
Extensions to IS-IS traffic engineering enable the use of bigger metrics. You can specify whether your router accepts, generates, or accepts and generates only old-style metrics, only new-style metrics, or both.
metric-style narrow
- Use to specify that the router generates and accepts only old-style TLV tuples.
- Old-style TLVs refers to TLVs having metrics with a narrow (six-bit) field with a value in the range 0–63. New-style TLVs refers to TLVs having metrics with a wider field, as provided for in current extensions to IS-IS traffic engineering.
- Use the transition option to accept old-style and new-style metrics; only old-style metrics are generated.
- Specify whether the command applies to level 1, level 2, or both.
- Example host1(config-router)#metric-style narrow level-2
- Use the no version to restore the default, which is to generate and accept only old-style TLVs with narrow (six-bit) metric fields.
- See metric-style narrow
metric-style transition
- Use to specify that the router generates and accepts both old-style and new-style TLV tuples.
- Old style refers to TLVs having metrics with a narrow (six-bit) field with a value in the range 0–63. New style refers to TLVs having metrics with a wider field, as provided for in current extensions to IS-IS traffic engineering.
- Specify whether the command applies to level 1, level 2, or both.
- Example host1(config-router)#metric-style transition level-1
- Issuing this command results in more resource usage than issuing the metric-style narrow or metric-style wide commands.
- Use the no version to restore the default, which is to generate and accept only old-style TLVs with narrow (six-bit) metric fields.
- See metric-style transition
metric-style wide
- Use to specify that the router generates and accepts only new-style TLV tuples.
- Old style refers to TLVs having metrics with a narrow (six-bit) field with a value in the range 0–63. New style refers to TLVs having metrics with a wider field, as provided for in current extensions to IS-IS traffic engineering.
- Use the transition option to accept old-style and new-style metrics; only new-style metrics are generated.
- Specify whether the command applies to level 1, level 2, or both.
- Before you set a route tag for an IS-IS interface, you must issue the metric-style wide command to configure the router to generate and accept TLV type 135, which is a new-style tuple that contains the route tag.
- Example host1(config-router)#metric-style wide level-1-2
- Use the no version to restore the default, which is to generate and accept only old-style TLVs with narrow (six-bit) metric fields.
- See metric-style wide
Setting the Administrative Distance
You can indicate the dependability of a routing information source by configuring the administrative distance for learned routes.
distance ip
- Use to configure the administrative distance for IS-IS learned routes.
- The distance indicates the dependability of a routing information source. A higher relative value indicates lower dependability. Preference is always given to the routes with smaller values.
- Select a value in the range 1–255. A value of 255 means discard the route.
- Examplehost1(config-router)#distance ip 50
- Use the no version to restore the default value, 115.
- See distance ip
Configuring Default Routes
You can specify a default route within IS-IS routing domains. You can also suppress the installation of a default route to level 1-2 routers by level 1 routers.
Optionally, when you issue the default-information originate command and specify a route map, you can use the map to set a route tag for the default route. Make sure the route map you specify includes the set tag command, which defines a tag value for the default route within the IS-IS domain. For details about configuring and using route maps, see JunosE IP Services Configuration Guide.
default-information originate
- Use to generate a default route into an IS-IS routing domain.
- When you specify a route map with this command and the router has a route to 0.0.0.0 in the routing table, IS-IS originates an advertisement for 0.0.0.0 in its LSPs.
- When you do not specify a route map, the default route is advertised only in level 2 LSPs.
- If you specify a route map, you can use the map to set a route tag for the default route.
- For level 1 routing, look for the closest level 1-2 router to find the default route. The closest level 1-2 router is found by looking at the attach bit (ATT) in level 1 LSPs.
- The default value is disabled.
- Example1host1(config-router)#default-information originate
- Example 2host1(config-router)#default-information originate route-map map3
- Use the no version to disable the command.
- See default-information originate
suppress-default
- Use to prevent level 1 routers from automatically installing a default route to a level 1-2 router in order to reach destinations outside the area.
- Suppresses the level 1-2 router from indicating to level 1 routers that it can reach other areas. Consequently, the level 1 routers do not consider the level 1-2 router to be the nearest attached level 2 router and do not install default routes to it.
- This command is useful, for example, if you issue the distribute-domain-wide command, which causes the level 2 routes to be leaked into the level 1 area. The level 1 routers then have knowledge of the routes outside the area and will not need to rely on the nearest attached level 2 router for any unknown destination.
- Examplehost1(config-router)#suppress-default
- Use the no version to disable suppression of default routes.
- See suppress-default
Disregarding the Attach Bit in Level 1 LSPs
You can configure IS-IS to disregard the Attach Bit (ATT) in level 1 LSPs in a multiarea environment. In level 1 routing, the closest level 1-2 router is used to find default routes within IS-IS routing domains. The closest level 1-2 router is found by examining the attach bit in the level 1 LSP. Disregarding the attach bit prevents default routes from being installed.
The ability to disregard the attach bit has the following benefits:
- Enables selective route leaking from level 2 to level 1. Selective route leaking allows all traffic that is not reachable from level 1 to be dropped at level 1 instead of dropping them at higher levels.
- Suboptimal routing can be prevented when a level 1 router has adjacencies to two different attached level 1-2 routers.
- Enables you to effectively advertise only loopback addresses reachability.
ignore-attached-bit
- Use to disregard the attach bit.
- The default value is disabled.
- Use the show ip route command to check whether the default route is displayed.
- Example
- Specify an IS-IS routing process and access Router Configuration
mode.host1(config)#router isis host1(config-router)#
- Configure IS-IS to disregard the attach bit.host1(config-router)#ignore-attached-bit
- Exit Router Configuration mode.host1(config-router)#exit
- (Optional) Access Privileged Exec mode and verify the
display of a default route.host1(config)#exit host1#show ip route
- Specify an IS-IS routing process and access Router Configuration
mode.
- Use the no version to disable the command.
- See ignore-attached-bit
Setting Router Type
You can specify whether the router behaves as an IS-IS station router, area router, or both.
is-type
- Use to configure the router to act as either a station router (level 1), an area router (level 2), or as both a station router and an area router (level-1-2).
- Always configure the type of IS-IS router.
- Level-1-2 is the default.
- Example host1(config-router)#is-type level-2-only
- Use the no version to restore the default value, level-1-2.
- See is-type
Summarizing Routes
You can summarize routes redistributed into IS-IS or within IS-IS by creating aggregate addresses for the routes. Use the summary-address command for IP routes and the summary-prefix command for IPv6 routes.
Optionally, you can set a route tag for an IS-IS aggregate (summary) address by including the tag keyword and a numeric tag value in the command.
summary-address
- See summary-address
summary-prefix
- Use to create aggregate addresses of routes that are redistributed from other protocols in the routing table or distributed between level 1 and level 2 by a summary address. This process is called route summarization.
- A single summary address includes groups of addresses for a given level.
- Use the summary-address command for IP routes. Use the summary-prefix command for IPv6 routes.
- The metric value is used when the router advertises the summary address. When the metric value is not used, the value of the lowest cost route (the default) is used.
- This command reduces the size of the neighbor’s routing table and improves stability because a summary advertisement depends on many more specific routes.
- A disadvantage of summary addresses is that other routes might have less information to calculate the optimal routing table for all individual destinations.
- Use the optional tag keyword to specify a tag value for an IS-IS summary address. The tag value must be a number in the range 1–4294967295.
- Example 1—For IP routes host1(config-router)#summary-address 10.2.0.82 255.255.0.0 level-1-2 tag 34
- Example 2—For IPv6 routes host1(config-router-af)#summary-prefix 2001:2000::0/8 level-1 metric 10 tag 100
- Use the no version to restore the default, the value of the lowest-cost route.
- See summary-prefix
Avoiding Transient Black Holes
When you start or reload a transit router that is running both IS-IS and BGP, the router is temporarily unavailable to the routing domain. Other routers in that routing domain must select alternative paths to destinations that used the transit router. When the transit router becomes available again, the other routers soon select it again as the optimal path to those destinations.
The other routers select the transit router again before it has loaded the complete BGP routing table. Because the transit router does not yet have all the reachability information that is needed to reach some external destinations, traffic to destinations that were not learned by means of the IGP is dropped until the transit router has complete external reachability information again. This condition is known as a transient black hole.
You can use the overload bit to avoid these black holes. When the overload bit is set in the LSP header, other routers in the domain do not include the transit router in their SPF calculations and thus do not use that router for traffic forwarding.
When the transit router boots, it begins establishing adjacencies with its neighbors. As soon as it establishes an adjacency, it creates (or updates) its LSP, sets the overload bit in the LSP header, and transmits the LSP with the current neighbor information. By sending the updated LSP with the overload bit set immediately after forming the first adjacency, IS-IS reduces the convergence time across the network.
If IS-IS waits for all adjacencies to be up before it sends the updated LSP with the overload bit set, the other routers in the domain still have the transit router's old LSP and continue to forward transit traffic to the transit router until all adjacencies are formed. That traffic is lost.
Waiting for BGP Convergence
When BGP converges, the transit router again has the reachability information it needs to forward traffic to destinations that are not directly connected. Typically, you then want the transit router to clear the overload bit in its LSP and retransmit the LSP to inform the other routers in the domain that they can use it as a transit router.
BGP is assumed to have converged when all of the following conditions have been met:
- 90 percent of BGP peers have reached an established state,
- The transit router has received an end-of-rib marker from all IBGP peers that advertise the graceful-restart capability.
- The average rate of learning new routes has dropped to a low level.
Example Topology
Figure 21 shows a sample topology where source end system A is communicating with destination end system B through routers 1, 2, 3, and 4.
Figure 21: Transit Router Topology

The transit routers, 2 and 3, learn the route to B from BGP. In a steady state environment, the BGP routing tables are synchronized on all the transit routers.
Suppose the traffic forwarding path is currently A –> 1 –> 2 –> 4 –> B. If transit router 2 goes down, the network converges to the alternative path, A –> 1 –> 3 –> 4 –> B. Because transit router 3 already had synchronized its BGP routing tables, traffic forwarding continues without delay.
When transit router 2 reloads, it establishes adjacencies with routers 1 and 4, and sends out its LSP advertising its neighbors. While router 2 begins to synchronize its BGP routes, the network reconverges to the original path of A –> 1 –> 2 –> 4 –> B. Traffic from A to B is forwarded to router 2. Typically, BGP has not converged by then, so router 2 does not have the BGP route that it needs to forward the traffic, and drops the packets, resulting in a black hole until the BGP convergence is complete.
You can avoid this black hole by configuring the overload bit for the transit router. In this circumstance, router 2 sends out its LSP with the overload bit set in its header as soon as it reloads, before it establishes all adjacencies. The bit set in the header indicates to all the routers in the domain that router 2 is overloaded and not to use it to carry transit traffic. The forwarding path continues to be the alternative path, A –> 1 –> 3 –> 4 –> B, even after router 2 reloads.
When BGP convergence is complete at router 2, router 2 sends out a new LSP with the overload bit cleared. The other routers then include router 2 in their SPF calculations and revert to the original path, of A –> 1 –> 2 –> 4 –> B.
Suppression for IS-IS Graceful Restart
When graceful restart is configured on the transit router, the black hole avoidance feature is suppressed.
Configuration
You can configure the transit router to set the overload bit when it reloads and to then wait for a specified interval before it clears the bit and retransmits its LSP. More commonly, and to avoid the transient black holes, you configure the transit router to wait for BGP to converge, and specify an interval it waits after convergence before it clears the bit and retransmits its LSP.
set-overload-bit
- Use to configure the router to set the overload bit in the header of its nonpseudonode LSPs.
- While the overload bit is set, other routers in the domain do not include this router in their shortest-path-first (SPF) calculations. Consequently, the other routers do not detect any paths through this router and do not forward traffic through this router. However, IP prefixes directly connected to this router are still reachable. When the bit is cleared, the router is again included in SPF calculations.
- You can set the overload bit for a number of reasons,
including the following:
- To prevent traffic through the router from disappearing into transient black holes.
- To reduce routing table inaccuracies caused by router problems such as memory shortage.
- To prevent real traffic from flowing through a router to an IS-IS network, such as might be the case for a test router connected to a production network.
- Use the on-startup keyword to set the overload bit when the router reboots and to specify a period in seconds that IS-IS waits after the reboot before it clears the overload bit.
- Use the on-startup wait-for-bgp keywords to instruct IS-IS to set the overload bit when the router reboots and then wait until BGP has completed convergence after the reload before IS-IS clears the overload bit. You can specify a maximum interval that IS-IS waits for BGP notification. When that interval passes, IS-IS clears the overload bit. If you do not specify an interval, IS-IS waits a default 600 seconds and then clears the overload bit.
- If you issue the on-startup keyword but do not issue the wait-for-bgp keyword, then you must specify the number of seconds that IS-IS waits after a reload before clearing the overload bit.
- If you issue both the on-startup keyword and the wait-for-bgp keyword, you cannot specify a time interval for on-startup but can optionally do so for wait-for-bgp.
- By default, the overload bit is not set.
- Example 1host1(config-router)#set-overload-bit
- Example 2host1(config-router)#set-overload-bit on-startup 900
- Example 3host1(config-router)#set-overload-bit on-startup wait-for-bgp 450
- Use the no version to disable the setting.
- See set-overload-bit
Ignoring LSP Errors
You can configure the router to ignore rather than purge LSPs received with errors.
ignore-lsp-errors
- Use to enable your router to ignore rather than purge IS-IS LSPs that are received with internal checksum errors.
- Under normal conditions, the IS-IS protocol definition requires that received LSPs with incorrect data link checksums are to be purged by the receiver. This causes the LSP initiator to regenerate LSPs. If a network link causes data corruption while still delivering LSPs with correct data link checksums, a continuous cycle of regenerating and purging LSPs may result. This can render the network nonfunctional. Enabling this command prevents this continuous cycle from occurring because LSPs are ignored rather than purged.
- Example host1(config-router)#ignore-lsp-errors
- Use the no version to disable the function.
- See ignore-lsp-errors
Logging Adjacency State Changes
You can configure the router to log messages that track when adjacencies change state between up and down.
log-adjacency-changes
- Use to generate log messages that track IS-IS adjacency state changes (up or down).
- The default is not to log adjacency state changes.
- Recommended for monitoring large networks.
- The system logs messages by using the router error message facility.
- Specify the minimum severity (0–7) or verbosity (low, medium, high) of this log category's messages.
- You can also use the system log command to generate the desired log messages.
- Example host1(config-router)#log-adjacency-changes severity 3 verbosity low
- Use the no version to disable the function.
- See log-adjacency-changes
Configuring LSP Parameters
You can specify the following parameters for LSPs:
- Maximum transmission unit (MTU)
- Transmission rate
- Generation rate
- Maximum lifetime
lsp-gen-interval
- Use to set the minimum interval rate that LSPs are generated on a per-LSP basis.
- You can set an interval value in the range 0–120 seconds.
- The default interval value is 5 seconds. When a link is changing state at a high rate, the default value limits the signaling of the changing state to once every 5 seconds. Because the generation of an LSP may cause all routers in the area to perform the SPF calculation, controlling this interval can have an areawide effect.
- When you raise this interval, you reduce the load on the network imposed by a rapidly changing link.
- Example host1(config-router)#lsp-gen-interval level-2 30
- Use the no version to restore the default value, 5.
- See lsp-gen-interval
lsp-mtu
- Use to specify the MTU LSP size in bytes. The size must be less than or equal to the smallest MTU of any link in the area.
- Use this command to limit the size of LSPs generated by this router only. The router can receive LSPs of any size up to the maximum.
- You can set the value in the range 128–9180.
- The default LSP MTU value is 1497.
- When a very large amount of information is generated by a single router, we recommend that you increase the LSP MTU. However, the default MTU is usually sufficient.
- If the MTU of a link is lowered to less than 1500 bytes, the LSP MTU must be lowered accordingly on each router in the network. If this is not done, routing may become unpredictable.
- Example host1(config-router)#lsp-mtu 1500
- Use the no version to restore the default value, 1497.
- See lsp-mtu
lsp-refresh-interval
- Use to set the LSP rate at which locally generated LSPs are periodically transmitted.
- The refresh interval determines the rate at which the router software periodically transmits the route topology information that it originates. These transmissions refresh the link-state information, reaffirming that the router is still up and that the link-state information in the LSP is still valid.
- You can set the interval rate in the range 1–65535 seconds; the default is 900 seconds.
- LSPs must be periodically refreshed before their lifetimes expire. The refresh interval must be less than the LSP lifetime specified by max-lsp-lifetime.
- In the unlikely event that link stage database corruption is undetected, reducing the refresh interval reduces the amount of time that the corruption can persist.
- Increasing the interval reduces the link utilization caused by the flooding of refreshed packets.
- Example host1(config-router)#lsp-refresh-interval 1000
- Use the no version to restore the default value, 900 seconds.
- See lsp-refresh-interval
max-lsp-lifetime
- Use to set the maximum time that LSPs persist without being refreshed.
- You can select a maximum time in the range 1–65535 seconds.
- The default value is 1200 seconds (20 minutes).
- You might need to adjust the maximum LSP lifetime if you change the LSP refresh interval with the lsp-refresh-interval command. The maximum LSP lifetime must be greater than the LSP refresh interval.
- Example host1(config-router)#max-lsp-lifetime 1500
- Use the no version to restore the default value, 1200 seconds.
- See max-lsp-lifetime
Specifying the SPF Interval
You can configure how often the router performs the shortest-path-first (SPF) calculation. IS-IS runs SPF calculations in response to any change in its link-state database. Because SPF calculation is processor intensive, increasing the SPF interval reduces the processor load of the router, but can slow down the rate of convergence.
Topology changes in a network cause all routers involved in the change to regenerate their LSDB and flood new LSPs throughout the network. Therefore, a router that receives a new LSP is likely to receive more LSPs in the following seconds. An immediate response to a given change is going to miss the subsequent topology changes and spend CPU time. When many changes are taking place, a slower response to each change makes more sense.
IS-IS enables the router to respond quickly to an isolated network event, but to slow the response exponentially when many triggering events are taking place in rapid succession. SPF calculations are performed at exponentially increasing intervals until the maximum interval set by the spf-interval command is reached.
The first SPF calculation is performed immediately when the LDSB changes. If another calculation-triggering event occurs, the router waits 1 second before performing the SPF calculation. If another event occurs, the router waits 2 seconds before performing the SPF calculation. The interval between a triggering event and the corresponding SPF calculation continues to increase exponentially: 4 seconds, 8 seconds, 16 seconds, and so on. When the maximum configured interval is reached, the interval reverts back to immediate response mode for the next triggering event.
If no calculation-triggering network events have occurred by the end of any given back-off interval, the router reverts back to immediate response mode.
spf-interval
- Use to set the maximum interval between SPF calculations.
- You can select an interval value in the range 0–120 seconds.
- The default value is 5 seconds.
- If you do not specify level-1 or level-2, the interval applies to both level 1 and level 2.
- SPF calculations are performed only when the topology of the area changes. They are not performed when external routes change.
- Example host1(config-router)#spf-interval level-2 30
- Use the no version to restore the default value, 5 seconds.
- See spf-interval
Defining the SPF Route Calculation Level
The IS-IS protocol uses the Dijkstra’s algorithm to compute IP node metrics when a change occurs within the IS-IS network. This calculation results in the IS-IS router containing a shortest-path tree (SPT) that maps the shortest path to each node in the IS-IS network.
By default, the router uses a partial route calculation (PRC) SPF to determine the next hop (when required). This partial computation occurs when the router receives link-state PDUs (LSPs) with only changes relating to IP prefixes (for example, the addition of a new IP prefix, change in attributes of an existing IP prefix, or the removal of an existing IP prefix).
Because changes in IP prefixes happen more frequently than other events, using the PRC SPF results in faster IS-IS convergence and saves router resources. However, you can also specify that the router always use full SPF, recalculating the entire SPT, when resolving any IS-IS state changes.
full-spf-always
- Use to enable and disable full SPF calculations for IS-IS network changes.
- Example host1(config-router)#full-spf-always
- Use the no version to restore partial route calculation (PRC) mode for SPF calculations.
- See full-spf-always
Setting CLNS Parameters
You can specify transmission rates for ES and IS hello packets, the period for which the router considers ES and IS hello packets to be valid, and name-to-network service access point mappings.
clns configuration-time
- Use to specify the rate (in seconds) at which ES hello and IS hello packets are sent.
- The hello packet recipient creates an adjacency entry for the router that sent it. If the next hello packet is not received within the specified interval, the adjacency times out, and the adjacent node is determined to be unreachable.
- In most cases, leave these parameters at their default value, which is 10 seconds.
- Example host1(config)#clns configuration-time 240
- Use the no version to restore the default value, 10 seconds.
- See clns configuration-time
clns holding-time
- Use to enable sender of an ES hello or IS hello packet to specify the length of time you consider the information in these packets to be valid.
- In most cases, leave these parameters at their default value, which is 30 seconds.
- Example host1(config)#clns holding-time 900
- Use the no version to restore the default value, 30 seconds.
- See clns holding-time
clns host
- Use to define a name-to-NSAP mapping that can then be used with commands requiring NSAPs.
- The default is that no mapping is defined.
- The assigned NSAP name is displayed, where applicable, in show commands.
- The first character can be either a letter or a number.
- This command is generated after all other CLNS commands when the configuration file is parsed. As a result, the NVRAM version of the configuration cannot be edited to specifically change the address defined in the original clns host command. You must specifically change any commands that refer to the original address. This affects commands that accept names, such as the net command.
- Enables dynamic resolution of hostnames to system IDs (within the NSAP address). The hostname mapping is sent in the LSPs within the Dynamic Hostname type-length-value (TLV type 137). Display the TLV by issuing the show isis database detail command.
- Use the show hosts command to display the mapping.
- Examplehost1(config)#clns host
- Use the no version to restore the default state of no mapping defined.
- See clns host
Setting the Maximum Parallel Routes
You can configure how many parallel routes IS-IS supports to a destination.
maximum-paths
- Use to control the maximum number of parallel routes IS-IS can support.
- You can select a number of routes (or paths) in the range 1–16.
- The default number for IS-IS is 4 paths.
- Example host1(config-router)#maximum-paths 12
- Use the no version to restore the default value, 4.
- See maximum-paths
Configuring a Virtual Multiaccess Network
You can specify that interfaces within a given mesh group act as a virtual multiaccess network.
isis mesh-group
- Use when you want interfaces in the same mesh group to act as a virtual multiaccess network.
- LSPs seen on one interface in a mesh group are not flooded to another interface in the same mesh group.
- Example host1(config-if)#isis mesh-group blocked
- Use the no version to disable the feature.
- See isis mesh-group
Configuring Table Maps
You can use the table-map command to apply a specified route map as a policy filter on an IS-IS route before the route is installed in the routing table. The route map you apply must contain one or more set commands to modify route attributes.
table-map
- Use to apply a policy to modify distance, level, metric, metric type, origin, preference, route type, or tag values of IS-IS routes about to be added to the IP routing table.
- The router applies the new route map to all routes currently in the forwarding table and those about to be installed in the forwarding table.
- If any previously redistributed routes are changed as a result of applying the route map, the router redistributes these routes again with the changes caused by the route map.
- The router removes from the forwarding table any old routes that are now disallowed by the specified route map.
- Issue the command from the IS-IS IPv6 address family to apply a specified route map as a policy filter on an IS-IS IPv6 route before the route is installed in the routing table. IS-IS IPv6 supports only a single table map.
- Example
The following commands apply a policy (route map) named metricTypeExt to modify the metric type of IS-IS routes configured with a route tag value of 33.
host1(config)#route-map metricTypeExt permit 5 host1(config-route-map)#match tag 33 host1(config-route-map)#set metric-type external host1(config-route-map)#exit host1(config)#router isis marketing host1(config-router)#table-map metricTypeExt host1(config-router)#exit host1(config)#exit - Use the no version to halt application of the route map.
- See table-map
Configuring Graceful Restart
To enable IS-IS graceful restart (also known as nonstop forwarding, or NSF) on the router, you must first issue the nsf ietf command (in Router Configuration mode). You can then configure one or more optional timing parameters for graceful restart on the router.
To enable IS-IS graceful restart and configure optional graceful restart parameters:
- Specify a previously configured IS-IS routing process
to access Router Configuration mode. (For information about enabling
IS-IS on the router, see Enabling IS-IS for IP Routing.)host1(config)#router isis engineering host1(config-router)#
- Enable the IS-IS graceful restart mechanism for the router. host1(config-router)#nsf ietf
- (Optional) Configure one or more of the following timing
parameters for the restarting router:
- Set the maximum time in seconds that the router waits
before completing the restart process.host1(config-router)#nsf interface wait 30
- Set the time interval in seconds between restart requests
sent by the router.host1(config-router)#nsf t1 interval 60
- Set the number of times that the router resends unacknowledged
restart requests.host1(config-router)#nsf t1 retry-times 3
- Set the maximum time in seconds that the router waits
for the LSP database to synchronize. You must configure this parameter
separately for each IS-IS level at which the router operates.host1(config-router)#nsf t2 level-1 70 host1(config-router)#nsf t2 level-2 50
- Set the maximum time in seconds that the restarting router
waits before setting the overload bit to indicate that the graceful
restart operation has failed. You can use either of the following
methods:
- Set the wait time manually to the specified number of
seconds.host1(config-router)#nsf t3 manual 80
- Specify that router obtain the wait time from neighboring
IS-IS routers to which it has active adjacencies.host1(config-router)#nsf t3 adjacency
- Set the wait time manually to the specified number of
seconds.
- Set the maximum time in seconds that the router waits
before completing the restart process.
- (Optional) Issue the show isis nsf command from Privileged
Exec mode to verify the graceful restart configuration.host1(config-router)#exit host1(config)#exit host1#show isis nsf
For more information about monitoring graceful restart, see show isis nsf command description in Monitoring IS-IS Parameters and the show clns neighbors command description in Displaying CLNS.
![]() | Note: For information about configuring hold timers for IS-IS graceful restart in scaled environments, see the Configuring Hold Timers for Successful Graceful Restart in Scaled Scenarios section in the JunosE BGP and MPLS Configuration Guide |
nsf ietf
- Use to enable the IS-IS graceful restart mechanism on the router.
- Graceful restart, which is also known as nonstop forwarding (NSF), allows an IS-IS router to restart with minimal routing disruption to the network.
- Examplehost1(config-router)#nsf ietf
- Use the no version to restore the default state for IS-IS graceful restart on the router, disabled.
- See nsf ietf
nsf interface wait
- Use to specify the maximum amount of time, in seconds, that an IS-IS process on a restarting router waits for all interfaces with IS-IS adjacencies to come up before completing the restart process.
- You can specify a value in the range 5–120 seconds.
- Examplehost1(config-router)#nsf interface wait 45
- Use the no version to restore the default maximum wait time, 10 seconds.
- See nsf interface wait
nsf t1
- Use to specify either the interval between IS-IS restart requests sent by the router or the number of times that the router resends unacknowledged restart requests.
- Use the interval keyword to specify the number of seconds, in the range 5–300, between restart requests sent by the router on a particular IS-IS interface to neighboring IS-IS routers in the network.
- Use the retry-times keyword to specify the number of times, in the range 1–10, that the router tries to resend unacknowledged restart requests.
- The restarting router stops sending restart requests after it receives an acknowledgment.
- Example 1host1(config-router)#nsf t1 interval 90
- Example 2host1(config-router)#nsf t1 retry-times 2
- Use the no version to restore the default time interval, 5 seconds, or the default number of retry attempts, 3.
- See nsf t1
nsf t2
- Use to specify the maximum amount of time, in seconds, that a restarting router waits for the LSP database to synchronize.
- You must configure independent instances of the T2 timer for each IS-IS level at which the router operates. This requirement means that for a level 1-2 router, you must issue this command twice: first to configure the timer for level 1, and a second time to configure it for level 2.
- Use either the level-1 keyword to set the T2 wait time for level 1 routing, or the level-2 keyword to set the wait time for level 2 routing.
- You can specify a value in the range 5–600 seconds for each level.
- Example—Configures the T2 wait time for a level
1-2 IS-IS routerhost1(config-router)#nsf t2 level-1 70 host1(config-router)#nsf t2 level-2 50
- Use the no version to restore the default T2 wait time, 100 seconds.
- See nsf t2
nsf t3
- Use to specify the maximum amount of time, in seconds, that the restarting router waits before setting the overload bit.
- The restarting router sets the overload bit to indicate that the LSP database has not been synchronized and the IS-IS graceful restart operation has failed.
- You must use one of the following methods to set the T3
wait time:
- Use the manual keyword and a value in the range 5–900 seconds to set the T3 wait time manually.
- Use the adjacency keyword to specify that the restarting router should obtain its T3 wait time from neighboring IS-IS routers that have active adjacencies to this router. This option sets the wait time to the minimum of the remaining times specified in the restart TLVs contained in the hello packets that the router receives from its neighbors.
- Example1host1(config-router)#nsf t3 manual 120
- Example 2host1(config-router)#nsf t3 adjacency
- Use the no version to restore the default T3 wait time, 200 seconds.
- See nsf t3