IS-IS Purge Originator Identification Overview

Starting in Junos OS release 16.2R1, when the IS-IS protocol purges entries from IS-IS link-state database, there is no way to identify the origin of the purge. If there is a need to investigate the cause of the purge, it is difficult to determine the Intermediate system (IS) that initiated the purge. RFC 6232, Purge Originator Identification TLV for IS-IS defines a type, length, and value (TLV) that can be added to the purges, to record the system ID of the IS that had initiated the purge. If an IS generates a purge, this TLV is included in the purge, which also has the system ID of the IS. If an IS receives a purge, the Link State Protocol Data Unit (LSP) flooding does not change the LSP contents, and the TLV is propagated with the purge itself. If an IS receives a purge that does not include this TLV, it adds this TLV with both its own system ID and the system ID of the IS from which it received the purge. This allows the IS that receives this purge to log the system ID of the originator, or the upstream source of the purge. This makes it easier to locate the origin of the purge and its cause. This TLV is also helpful in lab environments.

There is a possibility that during a network attack, a low lifetime is generated maliciously for an LSP, which can initiate a purge on timeout. These LSPs with low lifetime need to be filtered out to avoid purges triggered by a low lifetime LSP.