Multi-Topology IS-IS

Understanding Multi-Topology IS-IS

Multi-Topology IS-IS (MT-ISIS) allows multiple routing topologies to coexist within a single IS-IS domain. This enables advanced traffic engineering and supports different network services with different requirements.

Multi-Topology Concepts

Traditional single-topology IS-IS uses a single SPF tree for all destinations. Multi-topology IS-IS creates separate SPF trees for different topologies, allowing different routing paths for different types of traffic.

Benefits of Multi-Topology

Traffic Engineering
  • Separate paths for different services
  • QoS-aware routing
  • Load distribution optimization
  • Bandwidth reservation support

Service Separation
  • IPv4 and IPv6 separation
  • Management traffic isolation
  • Critical service protection
  • Multicast topology support

Topology Identifiers

Topology ID | Name             | Description                 | Use Case
0           | Standard/IPv4    | Default IS-IS topology      | Standard unicast IPv4
2           | IPv6             | IPv6 unicast topology       | IPv6 routing
3           | IPv4 Multicast   | IPv4 multicast topology     | Multicast routing
4           | IPv6 Multicast   | IPv6 multicast topology     | IPv6 multicast
6-4095      | Reserved/Private | Vendor-specific or reserved | Custom applications

MT-ISIS Configuration

Multi-Topology Configuration Example

# Enable multi-topology support
router isis
 metric-style wide
 address-family ipv4 unicast
  multi-topology
 address-family ipv6 unicast
  multi-topology

# Configure topology-specific metrics
interface GigabitEthernet0/0
 isis metric 100 level-1
 isis metric 200 level-2
 isis ipv6 metric 150 level-1
 isis ipv6 metric 250 level-2

# Topology-specific configuration
router isis
 address-family ipv4 unicast
  topology ipv4-unicast
  metric-style wide
 address-family ipv6 unicast
  topology ipv6-unicast
  metric-style wide

MT-ISIS TLVs

TLV | Name            | Purpose                          | MT Support
222 | MT IS Neighbors | Multi-topology IS neighbors      | Yes
229 | MT-ID           | Multi-topology identifier        | Yes
235 | MT IP Reach     | Multi-topology IP reachability   | Yes
237 | MT IPv6 Reach   | Multi-topology IPv6 reachability | Yes

IS-IS Authentication

Authentication Overview

IS-IS authentication provides security by verifying the identity of neighboring routers and ensuring the integrity of routing information. It helps prevent unauthorized routers from participating in the routing domain.

Authentication Types

Plain Text

Security: Low

Use Case: Development/testing

Configuration:

area-password cisco

Note: The password is sent in clear text and is visible to anyone who can capture the PDUs

MD5 HMAC

Security: Medium

Use Case: Production networks

Configuration:

area-password cisco123 authenticate hmac-md5

Note: PDUs carry a keyed cryptographic hash (HMAC-MD5) rather than the password itself

Keychain

Security: High

Use Case: Enterprise networks

Configuration:

authentication key-chain ISIS-KEYS

Note: Key rotation support

Authentication Levels

Level                    | Scope        | Configuration   | Applied To
Area Authentication      | Level-1 LSPs | area-password   | All Level-1 LSPs and SNPs
Domain Authentication    | Level-2 LSPs | domain-password | All Level-2 LSPs and SNPs
Interface Authentication | Hello PDUs   | isis password   | Hello PDUs on specific interface

Authentication Configuration

IS-IS Authentication Examples

# Basic area and domain authentication
router isis
 net 49.0001.1921.6800.0001.00
 area-password cisco123 authenticate hmac-md5
 domain-password domain456 authenticate hmac-md5

# Interface-specific authentication
interface GigabitEthernet0/0
 isis password interface789 level-1
 isis password interface999 level-2

# Keychain-based authentication
key chain ISIS-AREA-KEYS
 key 1
  key-string area-secret-2024
  accept-lifetime 00:00:00 Jan 1 2024 infinite
  send-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2024
 key 2
  key-string area-secret-2025
  accept-lifetime 00:00:00 Dec 1 2024 infinite
  send-lifetime 00:00:00 Jan 1 2025 infinite

router isis
 authentication key-chain ISIS-AREA-KEYS level-1
 authentication mode hmac-md5 level-1

Key Rotation Best Practices

Key Rotation Strategy

  1. Plan Overlap Period: Configure accept-lifetime to overlap with old keys
  2. Gradual Deployment: Deploy new keys before old keys expire
  3. Monitor Authentication: Check for authentication failures during rotation
  4. Document Process: Maintain key rotation schedule and procedures
  5. Test Regularly: Verify authentication in test environment first
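The overlap check from steps 1 to 3, run against the ISIS-AREA-KEYS lifetimes shown earlier, as an added example that is not part of the original page. The `overlap` margin, the finding labels and the "never-retired" policy check are assumptions of this example, not router behaviour.

```python
from datetime import datetime, timedelta

FMT = "%H:%M:%S %b %d %Y"

def ts(text):
    """Parse a lifetime bound as written in the key chain; 'infinite' -> None."""
    return None if text == "infinite" else datetime.strptime(text, FMT)

def key(key_id, accept_from, accept_to, send_from, send_to):
    return {"id": key_id, "accept": (ts(accept_from), ts(accept_to)),
            "send": (ts(send_from), ts(send_to))}

# Lifetimes copied from the ISIS-AREA-KEYS key chain shown earlier on this page.
PAGE_CHAIN = [
    key(1, "00:00:00 Jan 1 2024", "infinite",
           "00:00:00 Jan 1 2024", "23:59:59 Dec 31 2024"),
    key(2, "00:00:00 Dec 1 2024", "infinite",
           "00:00:00 Jan 1 2025", "infinite"),
]

def audit_rotation(chain, overlap=timedelta(hours=1)):
    """Return findings for each old -> new key handover, ordered by send start.

    `overlap` is an assumed policy value: how long both keys must be
    acceptable around the switch to absorb clock skew and staged rollout.
    """
    findings = []
    ordered = sorted(chain, key=lambda k: k["send"][0])
    for old, new in zip(ordered, ordered[1:]):
        switch = new["send"][0]
        old_send_end, old_accept_end = old["send"][1], old["accept"][1]
        # Senders must never be left without a valid key.
        if old_send_end is not None and switch - old_send_end > timedelta(seconds=1):
            findings.append(f"gap: no send key between key {old['id']} and key {new['id']}")
        # Receivers must accept the new key before anyone sends with it ...
        if new["accept"][0] > switch - overlap:
            findings.append(f"late-accept: key {new['id']} accepted less than {overlap} before first use")
        # ... and keep accepting the old key for a while after the switch.
        if old_accept_end is not None and old_accept_end < switch + overlap:
            findings.append(f"early-expiry: key {old['id']} rejected less than {overlap} after switch")
        # A retired key that never expires remains usable if it ever leaks.
        if old_accept_end is None:
            findings.append(f"never-retired: key {old['id']} has an infinite accept-lifetime")
    return findings
```

For the chain on this page the handover itself is clean; the only finding is that key 1 keeps an infinite accept-lifetime after it stops being used for sending.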

Mesh Groups

Understanding Mesh Groups

Mesh groups are an IS-IS optimization technique used to reduce LSP flooding in full-mesh topologies. They help minimize unnecessary LSP transmissions between routers that have multiple parallel links.

The Full-Mesh Problem

Without Mesh Groups
  • LSPs flooded on all interfaces
  • Duplicate LSPs across parallel links
  • Increased bandwidth usage
  • Higher CPU utilization
  • Potential flooding storms

With Mesh Groups
  • LSPs flooded on selective interfaces
  • Reduced duplicate transmissions
  • Optimized bandwidth usage
  • Lower CPU overhead
  • Controlled flooding behavior

Mesh Group Types

Type          | Value          | Behavior                          | Use Case
No Mesh Group | Not configured | Normal flooding on all interfaces | Non-meshed topologies
Mesh Blocked  | blocked        | No LSP flooding on interface      | Backup links in mesh
Mesh Group N  | 1-4294967295   | LSP flooding within group only    | Primary links in mesh

Mesh Group Configuration

Mesh Group Examples

# Configure mesh group on interfaces
interface Serial0/0
 description Primary link to Router2
 isis mesh-group 100

interface Serial0/1
 description Backup link to Router2
 isis mesh-group blocked

interface GigabitEthernet0/0
 description LAN connection
 # No mesh group - normal flooding

# Complex mesh topology
interface Serial1/0
 description Link to Core1
 isis mesh-group 1

interface Serial1/1
 description Link to Core2
 isis mesh-group 1

interface Serial1/2
 description Backup path
 isis mesh-group blocked

Mesh Group Rules

Rule 1: Same Mesh Group

LSPs are not flooded between interfaces in the same mesh group

Rule 2: Blocked Interfaces

LSPs are never flooded on mesh-blocked interfaces

Rule 3: Different Groups

LSPs are flooded between interfaces in different mesh groups

Rule 4: No Group

LSPs are flooded normally on interfaces without mesh groups
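The four rules applied to the "complex mesh topology" interfaces from the configuration above, as an added example that is not part of the original page. The parser handles only the two command forms shown on this page, and the GigabitEthernet0/0 entry without a mesh group is included to exercise Rule 4.

```python
import re

# Constructed from the "complex mesh topology" block on this page, plus the
# LAN interface that has no mesh group configured.
CONFIG = """\
interface Serial1/0
 isis mesh-group 1
interface Serial1/1
 isis mesh-group 1
interface Serial1/2
 isis mesh-group blocked
interface GigabitEthernet0/0
"""

def parse_mesh_groups(config):
    """Map interface name -> None (no group), 'blocked', or an int group number."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            groups[current] = None
            continue
        m = re.match(r"\s+isis mesh-group (blocked|\d+)", line)
        if m and current:
            value = m.group(1)
            groups[current] = value if value == "blocked" else int(value)
    return groups

def flood_targets(groups, received_on):
    """Interfaces an LSP that arrived on `received_on` is flooded out of."""
    in_group = groups[received_on]
    targets = []
    for name, group in groups.items():
        if name == received_on:
            continue                 # an LSP is not flooded back where it arrived
        if group == "blocked":
            continue                 # Rule 2: never flood on blocked interfaces
        if group is not None and group == in_group:
            continue                 # Rule 1: not within the same mesh group
        targets.append(name)         # Rules 3 and 4: other group, or no group
    return targets
```

An LSP arriving on Serial1/0 leaves only through GigabitEthernet0/0, so a router reachable solely over Serial1/1 or Serial1/2 depends on another path to receive it.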

Overload Bit

Overload Bit Functionality

The overload bit is a mechanism that allows a router to remain in the IS-IS topology while signaling that it should not be used for transit traffic. This is useful during maintenance, gradual deployment, or when a router is experiencing resource constraints.

Overload Bit Behavior

With Overload Bit Set
  • Router remains in topology
  • Adjacencies stay up
  • Not used for transit traffic
  • Own prefixes still reachable
  • SPF excludes router from transit paths

Normal Operation
  • Router participates fully
  • Used for transit traffic
  • Included in SPF calculations
  • Normal forwarding behavior
  • All prefixes reachable via router
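How SPF treats a router with the overload bit set, as an added example that is not part of the original page: the node is still installed as a destination, but its links are not explored. The topology, router names and metrics are constructed for illustration.

```python
import heapq

# Constructed sample topology: every link has metric 10, and R2 is the
# short path from R1 to R4 (the alternative runs R1 -> R3 -> R5 -> R4).
LINKS = {
    "R1": {"R2": 10, "R3": 10},
    "R2": {"R1": 10, "R4": 10},
    "R3": {"R1": 10, "R5": 10},
    "R5": {"R3": 10, "R4": 10},
    "R4": {"R2": 10, "R5": 10},
}

def spf(links, root, overloaded=frozenset()):
    """Dijkstra from `root`; returns {node: (cost, path)}.

    A node in `overloaded` is still reachable as a destination, but its
    links are not explored, so no computed path transits it.
    """
    best = {}
    queue = [(0, root, [root])]
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node in best:
            continue                    # already settled with a lower cost
        best[node] = (cost, path)
        if node in overloaded and node != root:
            continue                    # own prefixes reachable, no transit
        for neigh, metric in links[node].items():
            if neigh not in best:
                heapq.heappush(queue, (cost + metric, neigh, path + [neigh]))
    return best

def path_to(links, root, dest, overloaded=frozenset()):
    """Convenience wrapper: (cost, path) from root to dest, or None."""
    return spf(links, root, overloaded).get(dest)
```

With R2 overloaded, R1 still reaches R2 at cost 10, while traffic to R4 moves to the longer path through R3 and R5.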

Overload Bit Use Cases

Maintenance Operations

Set the overload bit before performing maintenance to gracefully remove the router from transit paths while keeping it reachable for management.

Gradual Deployment

Use it during router deployment to bring up adjacencies and verify operation before accepting transit traffic.

Resource Constraints

The bit is set automatically when the router experiences high CPU, memory, or other resource limitations.

Emergency Situations

Quickly remove the router from forwarding paths during network emergencies or troubleshooting.

Overload Bit Configuration

Overload Bit Examples

# Manual overload bit setting
router isis
 set-overload-bit

# Overload bit with timeout (automatic clear)
router isis
 set-overload-bit on-startup 300
 # Router will clear overload bit after 5 minutes

# Conditional overload: hold the bit until BGP has converged
router isis
 max-lsp-lifetime 1200
 set-overload-bit on-startup wait-for-bgp
 # Wait for BGP convergence before clearing

# Per-level overload bit
router isis
 set-overload-bit level-1
 set-overload-bit level-2

# Overload bit with advertisement
router isis
 set-overload-bit advertise

Verification Commands

Overload Bit Verification

# Check local overload bit status
show isis

# View overload bit in database
show isis database detail
# Look for OL bit in LSP flags

# Monitor overload bit changes
show isis topology
show isis neighbors detail

# Debug overload bit events
debug isis spf-events
debug isis lsp-gen

Route Filtering

IS-IS Route Filtering

Route filtering in IS-IS allows control over which routes are advertised, accepted, or redistributed. This provides granular control over routing information flow and helps implement routing policies.

Types of Route Filtering

Outbound Filtering

Control routes advertised to neighbors

  • Distribute lists
  • Route maps
  • Prefix lists

Inbound Filtering

Control routes accepted from neighbors

  • Accept filters
  • Administrative distance
  • Route maps

Redistribution Filtering

Control external route redistribution

  • Redistribution route maps
  • Metric assignment
  • Route tagging

Route Filtering Configuration

Basic Route Filtering Examples

# Distribute list with access list
router isis
 distribute-list 10 out
 distribute-list 20 in

access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 deny any

access-list 20 permit 172.16.0.0 0.0.255.255
access-list 20 permit 10.0.0.0 0.255.255.255
access-list 20 deny any

# Prefix list filtering
ip prefix-list ALLOW-PRIVATE seq 10 permit 192.168.0.0/16 le 24
ip prefix-list ALLOW-PRIVATE seq 20 permit 172.16.0.0/12 le 24
ip prefix-list ALLOW-PRIVATE seq 30 permit 10.0.0.0/8 le 24
ip prefix-list ALLOW-PRIVATE seq 100 deny 0.0.0.0/0 le 32

router isis
 distribute-list prefix ALLOW-PRIVATE out
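How the ALLOW-PRIVATE prefix list above decides on a route, as an added example that is not part of the original page: the first matching entry wins, and `le 24` bounds the mask length, so more-specific routes such as a /25 or a /32 fall through to the explicit deny. The function name and the sample routes are constructed for illustration.

```python
import ipaddress

# ALLOW-PRIVATE exactly as configured on this page: (seq, action, prefix, le)
ALLOW_PRIVATE = [
    (10, "permit", "192.168.0.0/16", 24),
    (20, "permit", "172.16.0.0/12", 24),
    (30, "permit", "10.0.0.0/8", 24),
    (100, "deny", "0.0.0.0/0", 32),
]

def evaluate(prefix_list, route):
    """Return (action, seq) of the first matching entry.

    An entry matches when the route lies inside the entry's prefix and the
    route's mask length is between the entry's own length and its `le` value.
    A route that matches no entry is denied (implicit deny, seq None).
    """
    net = ipaddress.ip_network(route)
    for seq, action, prefix, le in sorted(prefix_list):
        entry = ipaddress.ip_network(prefix)
        if net.subnet_of(entry) and entry.prefixlen <= net.prefixlen <= le:
            return action, seq
    return "deny", None

def audit(prefix_list, routes):
    """Map each candidate route to the decision the list makes for it."""
    return {route: evaluate(prefix_list, route) for route in routes}

# Constructed sample routes covering the boundary cases of the list.
SAMPLE_ROUTES = [
    "192.168.10.0/24",     # inside 192.168.0.0/16, length 24   -> permit 10
    "192.168.10.128/25",   # longer than le 24                  -> deny 100
    "172.20.0.0/16",       # inside 172.16.0.0/12               -> permit 20
    "172.32.0.0/16",       # just outside 172.16.0.0/12         -> deny 100
    "10.1.1.1/32",         # host route, longer than le 24      -> deny 100
]
```

Running `audit(ALLOW_PRIVATE, SAMPLE_ROUTES)` before deployment shows which routes the list would drop, including /32 loopbacks inside the permitted ranges.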

Advanced Filtering with Route Maps

Route Map Filtering

# Route map for selective redistribution
route-map REDIS-CONNECTED permit 10
 match interface Loopback0 Loopback1
 set metric 1
 set metric-type internal

route-map REDIS-CONNECTED permit 20
 match ip address prefix-list CUSTOMER-ROUTES
 set metric 10
 set metric-type external
 set tag 100

route-map REDIS-CONNECTED deny 30

# Apply route map to redistribution
router isis
 redistribute connected route-map REDIS-CONNECTED
 redistribute ospf 1 route-map REDIS-OSPF level-2

# Level-specific filtering
router isis
 distribute-list prefix LEVEL1-FILTER out level-1
 distribute-list prefix LEVEL2-FILTER out level-2

Filtering Best Practices

Route Filtering Guidelines

  • Be Specific: Use precise prefix lists rather than broad access lists
  • Document Policies: Clearly document filtering rules and their purpose
  • Test Thoroughly: Verify filtering behavior in test environment
  • Monitor Impact: Watch for unintended routing changes
  • Plan Redundancy: Ensure filtering doesn't break redundant paths

Route Summarization

IS-IS Route Summarization

Route summarization reduces the size of routing tables and LSP databases by advertising aggregate routes instead of individual subnets. This improves scalability and reduces routing protocol overhead.

Benefits of Route Summarization

Scalability
  • Smaller routing tables
  • Reduced LSP database size
  • Faster SPF calculations
  • Lower memory usage

Stability
  • Route flap isolation
  • Reduced convergence impact
  • Network hierarchy enforcement
  • Simplified troubleshooting

Summarization Types

Type                         | Configuration                 | Scope                 | Use Case
Internal Summarization       | summary-address               | IS-IS internal routes | Summarize IS-IS learned routes
External Summarization       | summary-address with external | Redistributed routes  | Summarize external routes
Level Boundary Summarization | summary-address level-1/2     | Specific IS-IS level  | Level-specific summarization

Summarization Configuration

Route Summarization Examples

# Basic internal route summarization
router isis
 summary-address 192.168.0.0 255.255.0.0

# Level-specific summarization
router isis
 summary-address 172.16.0.0 255.255.0.0 level-1
 summary-address 10.0.0.0 255.0.0.0 level-2

# External route summarization
router isis
 summary-address 203.0.113.0 255.255.255.0 external

# Summarization with metric control
router isis
 summary-address 192.168.0.0 255.255.0.0 metric 50
 summary-address 172.16.0.0 255.255.0.0 level-2 metric 100

# Conditional summarization with route maps
route-map SUMMARIZE-CONNECTED permit 10
 match ip address prefix-list CONNECTED-ROUTES
 set metric 1

router isis
 summary-address 10.1.0.0 255.255.0.0 route-map SUMMARIZE-CONNECTED

Summarization Design Guidelines

Plan Address Allocation

Design IP address allocation to support hierarchical summarization. Use contiguous address blocks that can be efficiently summarized.

Implement at Boundaries

Configure summarization at area boundaries and network hierarchy points for maximum benefit.

Avoid Over-Summarization

Don't summarize too aggressively as it may lead to suboptimal routing or routing loops.

Monitor Summary Routes

Regularly monitor summary route metrics and adjust as needed for optimal path selection.

Verification Commands

Summarization Verification

# Show summary routes
show isis database detail
show ip route isis summary

# Verify specific summary
show isis topology summary

# Check summary route generation
show isis database | include Summary
show ip route 192.168.0.0

# Debug summary route events
debug isis lsp-gen
debug isis spf-events