No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IS-IS (IPv6)

Configuring IS-IS (IPv6)

By building IS-IS IPv6 networks, you can discover and calculate routes in ASs.

Configuring Basic IPv6 IS-IS Functions

An IS-IS network can be set up only after basic IS-IS functions are configured.

Pre-configuration Tasks

Before configuring basic IPv6 IS-IS functions, complete the following tasks:

  • Configuring IPv6 addresses for interfaces to ensure that neighboring nodes are reachable at the network layer

Configuration Flowchart

Creating an IS-IS process is the prerequisite for configuring a network entity title (NET), configuring the device level, and establishing an IS-IS neighbor relationship.

Creating IS-IS Processes

Context

Creating IS-IS processes is the prerequisite for performing the IS-IS configuration.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ] 

    An IS-IS process is created, and the IS-IS process view is displayed.

    The process-id parameter specifies the ID of an IS-IS process. The default value of process-id is 1.

  3. (Optional) Run:

    description text

    Description for the IS-IS process is configured.

  4. Run:

    commit

    The configuration is committed.

Configuring a NET and Enabling IPv6 IS-IS

Context

NET is the special form of the network service access point (NSAP). After the IS-IS view is displayed, IS-IS can start only when a NET is configured for an IS-IS process.

Generally, you only need to configure one NET for an IS-IS process. When an area needs to be redefined, for example, the area needs to be merged with other areas or divided into sub-areas, configure multiple NETs to ensure route correctness. A maximum of three area addresses can be configured for an IS-IS process. Therefore, a maximum of three NETs can be configured for an IS-IS process. When configuring multiple NETs, ensure that their system IDs are the same.

IS-IS can run on an IPv6 topology only when IPv6 is enabled on an IS-IS process.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS process view is displayed.

  3. Run:

    network-entity net

    A NET is configured.

    NOTE:

    Configuring loopback interface addresses based on NETs is recommended to ensures that a NET is unique on the network. If NETs are not unique, route flapping will easily occur.

    An area ID is used to uniquely identify an area in the same IS-IS domain. All routers in the same Level-1 area must share the same area ID, while routers in the same Level-2 area can have different area IDs.

  4. Run:

    ipv6 enable

    IPv6 is enabled for the IS-IS process.

  5. Run:

    commit

    The configuration is committed.

Configuring the Device Level

Context

Configure the device level according to network planning requirements:
  • When the level of a device is Level-1, the device establishes neighbor relationships with only Level-1 and Level-1-2 routers in the same area and maintains only Level-1 LSDBs.
  • When the level of a device is Level-2, the device can establish neighbor relationship with Level-2 routers in the same area or different areas and with Level-1-2 routers in different areas and maintain only Level-2 LSDB.
  • When the level of a device is Level-1-2, the device can establish neighbor relationships with Level-1 and Level-2 routers and maintain Level-1 and Level-2 LSDBs.

If the levels of IS-IS devices are changed during network operation, the IS-IS process will be restarted and IS-IS neighbor relationships will be disconnected. Setting the levels of devices when configuring IS-IS is recommended.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS process view is displayed.

  3. Run:

    is-level { level-1 | level-1-2 | level-2 }

    The level of the switch modules is configured.

    By default, the level of the switch modules is Level-1-2.

  4. Run:

    commit

    The configuration is committed.

Establishing IS-IS Neighbor Relationships

Context

The methods to establish IS-IS neighbor relationships on a broadcast network and a P2P network are different. Therefore, you need to set different IS-IS attributes for interfaces of different types:
  • On a broadcast network, IS-IS needs to select the designated intermediate system (DIS). You can set the DIS priority for IS-IS interfaces to enable the device with the highest DIS priority to be elected as the DIS.

  • On a P2P network, IS-IS does not need to select the DIS. Therefore, the DIS priority does not need to be configured for interfaces. To ensure P2P link reliability, configure IS-IS to establish neighbor relationships on P2P interfaces in 3-way mode for unidirectional link fault detection.

    Generally, IS-IS checks the IP addresses of received Hello packets. Neighbor relationships can be established only when the IP address carried in a received Hello packet and the address of the interface that receives the Hello packet are on the same network segment. If the IP addresses of the two P2P interfaces are on different network segments, and the isis peer-ip-ignore command is run on the two interfaces, IS-IS does not check the peer IP address. The neighbor relationship can be correctly established on the two P2P interfaces.

Procedure

  • Establish an IS-IS neighbor relationship on a broadcast link.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      ipv6 enable

      IPv6 is enabled on the interface.

    5. Run:

      isis ipv6 enable [ process-id ]

      IPv6 is enabled on the interface.

      After this command is run, IS-IS establishes neighbor relationships and floods LSPs through this interface.
      NOTE:

      Loopback interfaces are not used to establish neighbor relationships. If IS-IS is enabled on a loopback interface, IS-IS advertises the routes of the network segment where the interface resides through other IS-IS interfaces.

    6. Run:

      isis circuit-level [ level-1 | level-1-2 | level-2 ]

      The level of the interface is configured.

      By default, the level of an interface is Level-1-2.

      When two Level-1-2 devices establish IS-IS neighbor relationship, they establish both Level-1 and Level-2 neighbor relationships. To allow the two Level-1-2 devices to establish only Level-1 or Level-2 neighbor relationship, change the level of interfaces.

      NOTE:

      Changing the level of an IS-IS interface is valid only when the level of the IS-IS device is Level-1-2. If the level of the device is not Level-1-2, the level of the device determines the level of the established neighbor relationship.

    7. (Optional) Run:

      isis dis-priority priority [ level-1 | level-2 ]

      The DIS priority is set for the interface. A larger value indicates a higher priority.

      By default, the DIS priority of Level-1 and Level-2 broadcast interfaces is 64.

    8. (Optional) Run:

      isis silent

      The interface is suppressed.

      By default, an IS-IS interface is not suppressed.

      When an IS-IS interface is suppressed, the interface no longer sends or receives IS-IS packets. The routes of the network segment where the interface resides, however, can still be advertised to other IS-IS devices within the same AS.

    9. Run:

      commit

      The configuration is committed.

  • Establish an IS-IS neighbor relationship on a P2P link.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      ipv6 enable

      IPv6 is enabled on the interface.

    5. Run:

      isis ipv6 enable [ process-id ]

      IS-IS IPv6 is enabled on the interface.

    6. Run:

      isis circuit-level [ level-1 | level-1-2 | level-2 ]

      The level of the interface is configured.

      By default, the level of an interface is Level-1-2.

    7. Run:

      isis circuit-type p2p

      The network type of the interface is set to P2P.

      By default, the network type of an interface is determined by the physical type of the interface.

      When the network type of an IS-IS interface changes, the interface configuration changes accordingly:
      • After a broadcast interface is simulated as a P2P interface using the isis circuit-type p2p command, the interval for sending Hello packets, number of Hello packets that IS-IS does not receive from a neighbor before the neighbor is declared Down, interval for retransmitting LSPs on a P2P link, and various IS-IS authentication modes are restored to the default settings; other configurations such as the DIS priority, DIS name, and interval for sending CSNPs on a broadcast network become invalid.

      • After the undo isis circuit-type command is run to restore the default network type of an IS-IS interface, the interval for sending Hello packets, number of Hello packets that IS-IS does not receive from a neighbor before the neighbor is declared Down, interval for retransmitting LSPs on a P2P link, various IS-IS authentication modes, DIS priority, and interval for sending CSNPs on a broadcast network are restored to the default settings.

    8. Run:

      isis ppp-negotiation { 2-way | 3-way [ only ] }

      The negotiation mode is specified for the interface.

      By default, the negotiation mode is 3-way.

    9. Run:

      isis peer-ip-ignore

      IS-IS is configured not to check the IP addresses of received Hello packets.

      By default, IS-IS checks the IP addresses of received Hello packets.

    10. Run:

      isis ppp-osicp-check

      OSICP negotiation status check is configured on the interface.

      By default, the OSICP negotiation status of a PPP interface does not affect the status of an IS-IS interface.

      NOTE:

      This command applies only to PPP interfaces and is invalid for other P2P interfaces.

      After this command is run, the OSICP negotiation status of a PPP interface affects the status of an IS-IS interface. When PPP detects that the OSI network fails, the link status of the IS-IS interface goes Down and the routes of the network segment where the interface resides are not advertised through LSPs.

    11. Run:

      commit

      The configuration is committed.

Checking the Configuration

Procedure

  • Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-instance-name ] command to check information about IS-IS neighbors.
  • Run the display isis interface [ verbose ] [ vpn-instance vpn-instance-name ] command to check information about IS-IS interfaces.
  • Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * command to check information about IS-IS routes.

Improving IPv6 IS-IS Network Security

On an IS-IS network that requires high security, configure IS-IS authentication to improve IS-IS network security.

Pre-configuration Tasks

Before improving IS-IS network security, complete the following task:

Configuration Flowchart

You can perform the following configuration tasks (excluding the task of Checking the Configuration) in any sequence as required.

Configuring Interface Authentication

Context

Generally, the IS-IS packets to be sent are not encapsulated with authentication information, and the received packets are not authenticated. If a user sends malicious packets to attack a network, information on the entire network may be stolen. Therefore, you can configure IS-IS authentication to improve the network security.

After the IS-IS interface authentication is configured, authentication information can be encapsulated into the Hello packet to confirm the validity and correctness of neighbor relationships.

If plain is selected during the configuration of the authentication mode for the IS-IS interface, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run any of the following command to configure the authentication mode of the IS-IS interface as required:

    • Run:

      isis authentication-mode simple { plain plain-text | [ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]

      Simple authentication is configured for the IS-IS interface.

    • Run:

      isis authentication-mode md5 { plain plain-text | [ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]

      MD5 authentication is configured for the IS-IS interface.

    • Run:

      isis authentication-mode keychain keychain-name [ level-1 | level-2 ] [ send-only ]

      The Keychain authentication is configured for the IS-IS interface.

    By default, an IS-IS interface does not authenticate received Hello packets and no authentication password is configured on the interface.

    NOTE:
    Use the send-only parameter according to network requirements:
    • If the send-only parameter is specified, the device only encapsulates the Hello packets to be sent with authentication information rather than checks whether the received Hello packets pass the authentication. When the Hello packets do not need to be authenticated on the local device and pass the authentication on the remote device, the two devices can establish the neighbor relationship.

    • If the send-only parameter is not specified, ensure that passwords of all interfaces with the same level on the same network are the same.

    Parameters level-1 and level-2 apply only to the VLANIF interfaces on which IS-IS is enabled using the isis ipv6 enable command.

    NOTE:

    If keychain authentication is used, the encryption algorithm must be configured to HMAC-MD5 or HMAC-SHA-256 algorithm.

  5. Run:

    commit

    The configuration is committed.

Configuring Area or Domain Authentication

Context

Generally, the IS-IS packets to be sent are not encapsulated with authentication information, and the received packets are not authenticated. If a user sends malicious packets to attack a network, information on the entire network may be stolen. Therefore, you can configure IS-IS authentication to improve the network security.

The area authentication password is encapsulated into Level-1 IS-IS packets. Only the packets that pass the area authentication can be accepted. Therefore, you must configure IS-IS area authentication on all the IS-IS devices in the specified Level-1 area to authenticate the Level-1 area.

The domain authentication password is encapsulated into Level-2 IS-IS packets. Only the packets that pass the domain authentication can be accepted. Therefore, you must configure IS-IS domain authentication on all the IS-IS devices in the Level-2 area to authenticate Level-2 area.

If plain is selected during the configuration of the area authentication mode or domain authentication mode, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

NOTE:

When configuring IS-IS authentication, the area or domain authentication modes and passwords of the routers in the same area must be consistent so that IS-IS packets can be flooded normally.

Whether IS-IS packets can pass area or domain authentication does not affect the establishment of Level-1 or Level-2 neighbor relationships.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS process view is displayed.

  3. Perform the following operations at any sequence as required.

    • Run:

      area-authentication-mode { { simple | md5 }  { plain plain-text | [ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name } [ snp-packet { authentication-avoid | send-only } | all-send-only ]

      The area authentication mode is configured.

      By default, the system neither encapsulates generated Level-1 packets with authentication information nor authenticates received Level-1 packets.

    • Run:

      domain-authentication-mode { { simple | md5 }  { plain plain-text | [ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name } [ snp-packet { authentication-avoid | send-only } | all-send-only ]

      The domain authentication mode is configured.

      By default, the system neither encapsulates generated Level-2 packets with authentication information nor authenticates received Level-2 packets.

    NOTE:

    The authentication involves the following situations:

    • The device encapsulates the authentication mode into LSPs and SNPs to be sent and checks whether the received packets pass authentication. Then, the device discards the packets that do not pass the authentication. In this case, the parameter snp-packet or all-send-only is not specified.

    • The device encapsulates authentication information into LSPs to be sent and checks whether the received LSPs pass the authentication; the device neither encapsulates the SNPs to be sent with authentication information nor checks whether the received SNPs pass the authentication. In this case, the parameter snp-packet authentication-avoid needs to be specified.

    • The device encapsulates the LSPs and SNPs to be sent with authentication information; the device, however, checks the authentication mode of only the received LSPs rather than the received SNPs. In this case, the parameter snp-packet send-only needs to be specified.

    • The device encapsulates the LSPs and SNPs to be sent with authentication information, but does not check whether the received LSPs or SNPs pass the authentication. In this case, the parameter all-send-only needs to be specified.

    NOTE:

    If keychain authentication is used, the encryption algorithm must be configured to HMAC-MD5 or HMAC-SHA-256 algorithm.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display isis lsdb verbose command to check the detailed information in the IS-IS LSDB.

Controlling IPv6 IS-IS Route Selection

You can adjust IS-IS route selection to precisely control route selection.

Pre-configuration Tasks

Before configuring IS-IS route selection, complete the following task:

Configuration Flowchart

You can perform the following configuration tasks (excluding the task of Checking the Configuration) in any sequence as required.

Configuring a Preference Value for IPv6 IS-IS

Context

If multiple routes to the same destination are discovered by different routing protocols running on the same device, the route discovered by the protocol with the highest preference is selected.

To prefer a IPv6 route discovered by IS-IS, configure a higher preference value for IS-IS IPv6 route. In addition, a routing policy can be configured to increase the preferences of specified IS-IS IPv6 routes, without affecting route selection.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    ipv6 preference { route-policy route-policy-name | preference }*

    The IS-IS IPv6 route preference value is configured.

    The default IS-IS IPv6 route preference value is 15. A smaller preference value indicates a higher preference.

  4. Run:

    commit

    The configuration is committed.

Configuring the Cost of an IS-IS Interface on IPv6 network

Context

The costs of IS-IS interfaces can be determined in the following modes in descending order by priority:
  • Interface cost: is configured for a specified interface.

  • Global cost: is configured for all interfaces.

  • Automatically calculated cost: is automatically calculated based on the interface bandwidth.

If no cost is configured for an IS-IS interface, the IS-IS interface uses the default cost 10 and cost style narrow.

If you want to change the cost style of IS-IS devices, running the command while configuring basic IS-IS functions is recommended. If the cost style of IS-IS devices is changed during network operation, the IS-IS process is restarted and neighbors are disconnected.

Procedure

  1. Configure the IS-IS cost style.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      cost-style { narrow | wide | wide-compatible | { { narrow-compatible | compatible } [ relax-spf-limit ] } }

      The IS-IS cost style is configured.

      By default, the cost style of routes received and sent by an IS-IS device is narrow.

    4. Run:

      commit

      The configuration is committed.

    The cost range of an interface and a route received by the interface vary with the cost type.

    • If the cost style is narrow, the cost of an interface ranges from 1 to 63. The maximum cost of a route received by the interface is 1023.

    • If the cost style is narrow-compatible or compatible, the cost of an interface ranges from 1 to 63. The cost of a received route is related to relax-spf-limit.

    • If the cost style is wide-compatible or wide, the cost of the interface ranges from 1 to 16777215. When the cost is 16777215, the neighbor TLV generated on the link cannot be used for route calculation but for the transmission of TE information. The maximum cost of a received route is 0xFFFFFFFF.

  2. Configure the cost of an IS-IS interface on IPv6 network.

    Perform any of the following operations to configure the cost of an IS-IS interface on IPv6 network.

    Configure the cost of a specified IS-IS interface on IPv6 network.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      isis ipv6 cost cost [ level-1 | level-2 ]

      The cost of the IS-IS interface on IPv6 network is configured.

      By default, the cost of an IS-IS interface on IPv6 network is 10.

    5. Run:

      commit

      The configuration is committed.

    Configure the global IS-IS interface cost on IPv6 network.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      ipv6 circuit-cost cost [ level-1 | level-2 ]

      The global IS-IS interface cost on IPv6 network is configured.

      By default, no global cost is configured.

    4. Run:

      commit

      The configuration is committed.

    Enable IS-IS interface to automatically calculate the interface cost on IPv6 network.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      ipv6 bandwidth-reference value

      The reference value of the bandwidth is configured. By default, the bandwidth reference value is 100 Mbit/s.

    4. Run:

      ipv6 auto-cost enable

      The interface is configured to automatically calculate its cost on IPv6 network.

    5. Run:

      commit

      The configuration is committed.

    The bandwidth reference value set using the ipv6 bandwidth-reference command takes effect only when the cost style is wide or wide-compatible. In this case, the interface cost is calculated using the following formula:

    Cost of each interface = (Bandwidth-reference/Interface bandwidth) × 10

    If the cost-style is narrow, narrow-compatible, or compatible, the cost of each interface is based on costs listed in Table 7-47.

    Table 7-47 Mapping between IS-IS interface costs and interface bandwidth

    Cost

    Bandwidth Range

    60

    Interface bandwidth ≤ 10 Mbit/s

    50

    10 Mbit/s < interface bandwidth ≤ 100 Mbit/s

    40

    100 Mbit/s < interface bandwidth ≤ 155 Mbit/s

    30

    155 Mbit/s < interface bandwidth ≤ 622 Mbit/s

    20

    622 Mbit/s < Interface bandwidth ≤ 2.5 Gbit/s

    10

    2.5 Gbit/s < Interface bandwidth

Configuring Principles for Using Equal-Cost IPv6 IS-IS Routes

Context

If there are redundant IS-IS links, multiple routes may have an equal cost.

Configure load balancing for equal-cost IS-IS routes so that traffic will be evenly balanced among these links. This mechanism increases the link bandwidth usage and prevents network congestion caused by link overload. However, this mechanism may make traffic management more difficult because traffic will be randomly forwarded.

Procedure

  • Configure equal-cost IS-IS routes to work in load-balancing mode.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      ipv6 maximum load-balancing number

      The maximum number of load-balancing equal-cost IPv6 IS-IS routes is set.

      By default, load balancing is supported and a maximum of 16 equal-cost routes can participate in load balancing.

      NOTE:
      When the number of equal-cost routes is greater than number specified in the ipv6 maximum load-balancing command, valid routes are selected for load balancing based on the following criteria:
      1. Route preference: Routes with higher preferences are selected for load balancing.
      2. Interface index: If routes have the same priorities, routes with higher interface index values are selected for load balancing.
      3. Next hop IP address: If routes have the same priorities and interface index values, routes with larger IP address are selected for load balancing.

    4. Run:

      commit

      The configuration is committed.

Configuring IS-IS IPv6 Route Leaking

Context

If multiple Level-1-2 devices in a Level-1 area are connected to devices in the Level-2 area, a Level-1 LSP sent by each Level-1-2 device carries an ATT flag bit of 1. This Level-1 area will have multiple routes to the Level-2 area and to other Level-1 areas.

By default, routes in a Level-1 area can be leaked into the Level-2 area so that Level-1-2 and Level-2 devices can learn about the topology of the entire network. Devices in a Level-1 area are unaware of the entire network topology because they only maintain LSDBs in the local Level-1 area. Therefore, a device in a Level-1 area can forward traffic to a Level-2 device only through the nearest Level-1-2 device. The route used may not be the optimal route to the destination.

To enable a device in a Level-1 area to select the optimal route, configure IS-IS IPv6 route leaking so that specified routes in the Level-2 area can be leaked into the local Level-1 area.

Routes of services deployed only in the local Level-1 area do not need to be leaked into the Level-2 area. A policy can be configured to leak only desired routes into the Level-2 area.

Procedure

  • Specify IS-IS IPv6 routes in the Level-2 area and other Level-1 areas that can be leaked into the local Level-1 area.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      ipv6 import-route isis level-2 into level-1 [ tag tag | filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } ] *

      IS-IS IPv6 routes in the Level-2 area and other Level-1 areas that meet the specified conditions are leaked into the local Level-1 area.

      By default, IS-IS IPv6 routes in the Level-2 area are not leaked into Level-1 areas.

      NOTE:

      The command is run on the Level-1-2 device that is connected to an external area.

    4. Run:

      commit

      The configuration is committed.

  • Configure IS-IS IPv6 routes in Level-1 areas to leak into the Level-2 area.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      ipv6 import-route isis level-1 into level-2 [ tag tag | filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } ] *

      IS-IS IPv6 routes that meet the specifies conditions in Level-1 areas are leaked into the Level-2 area.

      By default, all Level-1 IS-IS IPv6 routing information, excluding information about default routes, is leaked to Level-2 areas.

      NOTE:

      The command is run on the Level-1-2 device that is connected to an external area.

Checking the Configuration

Procedure

  • Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * command to check IS-IS routing information.
  • Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check information in the IS-IS LSDB.

Controlling IPv6 IS-IS Route Exchange

If other routing protocols are configured on an IS-IS network, you need to configure IS-IS to interact with these protocols to ensure successful communication between them.

Pre-configuration Tasks

Before controlling IS-IS route exchange, complete the following task:

Configuration Flowchart

You can perform the following configuration tasks (excluding the task of Checking the Configuration) in any sequence as required.

Configuring IS-IS to Advertise a Default Route

Context

If IS-IS is configured to advertise a default route on a border device that has external routes, the device advertises a default route ::/0 in the IS-IS routing domain. All traffic destined for other routing domains is first forwarded to the border device.
NOTE:

Configuring a static default route can also allow all the traffic to be first forwarded to a border device, which then forwards the traffic outside an IS-IS routing domain. However, this method leads to heavy workload in configuration and management when a large number of devices are deployed on the network.

In addition, advertising default routes using IS-IS is flexible. If multiple border devices are deployed, a routing policy can be configured to allow only the border device that meets the specified conditions to advertise a default route, preventing routing blackholes.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    ipv6 default-route-advertise [ always | match default | route-policy route-policy-name ] [ cost cost | tag tag | [ level-1 | level-1-2 | level-2 ] ] * [ avoid-learning ]

    IS-IS is configured to advertise a default IPv6 route.

    By default, IS-IS does not advertise a default route.

  4. Run:

    commit

    The configuration is committed.

Configuring IS-IS to Import External Routes

Context

After IS-IS is configured to advertise a default route on a border device in an IS-IS routing domain, all the traffic destined outside the IS-IS routing domain is forwarded through the border device. This burdens the border device because other devices in the IS-IS routing domain do not have the routes destined outside the domain. If multiple border devices are deployed in the IS-IS routing domain, optimal routes to other routing domains need to be selected.

To ensure optimal routes are selected, all the other devices in the IS-IS routing domain must learn all or some external routes.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Configure IS-IS to import external routes.

    • When you need to set the cost of imported routes, run the ipv6 import-route { static | direct | { ospfv3 | ripng | isis } [ process-id ] | bgp [ permit-ibgp ] } [ cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] * command to configure IS-IS to import external IPv6 routes.
    • When you need to retain the original cost of imported routes, run the ipv6 import-route { direct | { ospfv3 | ripng | isis } [ process-id ] | bgp [ permit-ibgp ] } inherit-cost [ tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] * command to configure IS-IS to import external IPv6 routes. In this case, the source routing protocol of imported routes cannot be static.
    NOTE:

    IS-IS will advertise all imported external routes to the IS-IS routing domain by default.

  4. Run:

    commit

    The configuration is committed.

Configuring IS-IS to Advertise Specified External Routes to an IS-IS Routing Domain

Context

When the local IS-IS device advertises imported external routes to other IS-IS devices, routing policies can be configured to advertise only the external routes that meet specified conditions if these devices do not require all the imported external routes.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    ipv6 filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ]

    IS-IS is configured to advertise the external IPv6 routes that meet specified conditions to the IS-IS routing domain.

  4. Run:

    commit

    The configuration is committed.

Adding Specified IS-IS Routes to the IPv6 Routing Table

Context

Only routes in an IPv6 routing table can be used to forward IPv6 packets. An IS-IS route can take effect only after this IS-IS route has been successfully added to an IPv6 routing table.

If an IS-IS route does not need to be added to a routing table, specify conditions, such as IPv6 prefix, and routing policy, to filter routes so that only IS-IS routes that meet the specified conditions can added to an IPv6 routing table. IS-IS routes that do not meet the specified conditions cannot be added to the IPv6 routing table and cannot be selected to forward IPv6 packets.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    ipv6 filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } import

    Conditions for filtering IS-IS routes are configured.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check IS-IS LSDB information.
  • Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * command to check IS-IS routing information.
  • Run the display ipv6 routing-table command to check the IPv6 routing table.

Configuring IPv6 IS-IS Route Summarization

A large IS-IS network has a large number of routing entries. This will slow down routing table lookup and increase management complexity. You can configure route summarization to reduce the size of routing tables.

Pre-configuration Tasks

Before configuring IS-IS route summarization, complete the following task:

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    ipv6 summary  ipv6-address prefix-length [ avoid-feedback | generate_null0_route | tag tag | [ level-1 | level-1-2 | level-2 ] ] *

    The specified IPv6 IS-IS routes are summarized into one IS-IS route.

    NOTE:

    After route summarization is configured on a device, the local routing table still contains all specific routes before the summarization. The routing tables on other devices contain only the summary route, and the summary route is deleted only after all its specific routes are deleted.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display isis route command to check summary routes in the IS-IS routing table.

  • Run the display ipv6 routing-table [ verbose ] command to check summary routes in the IPv6 routing table.

Controlling IPv6 IS-IS Route Convergence

Accelerating IS-IS route convergence can improve the fault location efficiency and improve network reliability.

Pre-configuration Tasks

Before configuring IS-IS route convergence, complete the following task:

Configuration Flowchart

You can perform the following configuration tasks (excluding the task of Checking the Configuration) in any sequence as required.

Configuring Attributes for Hello Packets

Context

IS-IS maintains neighbor relationships between neighbors by sending and receiving Hello packets. If the local device does not receive Hello packets from its neighbor within a specified period, the device considers the neighbor Down.

In IS-IS, you can set the interval for sending Hello packets and the holding multiplier of neighboring devices to control the holdtime of neighbor relationships between the local device and neighbors.
  • If the interval for sending Hello packets is too short, more system resources are consumed to send Hello packets, causing a heavy CPU load.
  • If the holdtime of neighboring devices is too long, the local device needs to spend much time detecting the failure of neighbors, slowing down IS-IS route convergence. If the holdtime of neighboring devices is too short, some Hello packets may be lost or become incorrect because of network transmission delay and errors. This will cause neighbor relationships to frequently alternate between Up and Down and lead to route flapping on the IS-IS network.
    NOTE:

    You are advised to set the same interval for sending Hello packets and same holding multiplier of neighboring devices on all the devices on the IS-IS network. This method prevents IS-IS route convergence from being slowed down when some devices detect link failures at a lower speed than other devices.

Procedure

  • Configure the interval for sending Hello packets.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      isis timer hello hello-interval [ level-1 | level-2 ]

      The interval for sending Hello packets is set on an interface.

      By default, the interval for sending Hello packets 10 seconds.

      NOTE:

      Parameters level-1 and level-2 are configured only on a broadcast interface.

      On a broadcast link, there are Level-1 and Level-2 Hello packets. For different types of packets, you can set different intervals. If no level is specified, both the Level-1 timer and Level-2 timer are configured. On a P2P link, there are only one type of Hello packets. Therefore, neither level-1 nor level-2 is required.

    5. Run:

      commit

      The configuration is committed.

  • Set the holding multiplier for neighboring devices.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      isis timer holding-multiplier number [ level-1 | level-2 ]

      The holding multiplier of neighboring devices is set.

      The default holding multiplier is 3. The holdtime of neighbor relationships is three times the interval for sending Hello packets.

      NOTE:

      Parameters level-1 and level-2 are configured only on a broadcast interface.

    5. Run:

      commit

      The configuration is committed.

Configuring Attributes for LSPs

Context

LSPs are used to exchange link state information. You can configure attributes for LSPs to control the length and maximum lifetime of LSPs. To accelerate network convergence, you can enable LSP fast flooding or reduce the minimum interval for sending LSPs and the interval for updating LSPs to speed up LSP flooding. However, CPU resources will be consumed too much if the network topology changes frequently. In this situation, configure the intelligent timer for generating LSPs. This timer can fast respond to emergencies, speed up network convergence, and improve CPU resource efficiency because its interval becomes longer when the network changes frequently.

Configured Parameters

Function

Usage Scenario

Set the maximum length for LSPs

Set the size for LSPs to be generated and LSPs to be received.

When the volume of link status information increases, the length of LSPs to be generated can be increased to carry more information in each LSP.

Set the maximum lifetime for LSPs

Set the maximum lifetime for LSPs to ensure the validity of an LSP before its updated LSP is received.

When a switch modules generates the system LSP, it fills in the maximum lifetime for this LSP. After this LSP is received by other switch moduless, the lifetime of the LSP is reduced gradually. If the switch modules does not receive any more update LSPs and the lifetime of the LSP is reduced to 0, the LSP will be deleted from the LSDB 60s later if no more updated LSPs are received.

Set the refresh interval for LSPs

Set the refresh interval for LSPs to synchronize LSDBs.

On an IS-IS network, LSDB synchronization is implemented through LSP flooding. During LSP flooding, a switch modules sends an LSP to its neighbors and then the neighbors send the received LSP to their respective neighbors except the switch modules that first sends the LSP. In this manner, the LSP is flooded among the switch moduless of the same level. LSP flooding allows each switch modules of the same level to have the same LSP information and synchronize its LSDB with each other.

Set the minimum interval at which LSPs are sent

Set the interval for sending an LSP during LSP update.

Reducing the minimum interval for sending LSPs speeds up LSP flooding.

Configure the intelligent timer used to generate LSPs

Control the interval for generating LSPs intelligently to speed up route convergence and reduce system load.

On an IS-IS network, if the local routing information changes, a switch modules needs to generate a new LSP to notify this change. If the local routing information changes frequently, a large number of new LSPs are generated, which occupies a lot of system resources and decreases system performance. To speed up network convergence and prevent system performance from being affected, configure an intelligent timer for generating LSPs. This timer can adjust the delay in generating LSPs based on the routing information change frequency.

Enable LSP fast flooding

Control the number of LSPs flooded each time on an interface to speed up IS-IS network convergence.

When an IS-IS switch modules receives new LSPs from other switch moduless, it switch modules updates the LSPs in the local LSDB and periodically floods out the updated LSPs according to a timer . LSP fast flooding updates the preceding method. When a device configured with LSP fast flooding receives one or more new LSPs. it floods out the LSPs with a number smaller than the specified number before calculating routes. This speeds up LSDB synchronization.

Set an interval at which LSPs are retransmitted over a P2P link

Control the interval for retransmitting LSPs to ensure LSDB synchronization on a P2P network.

On a point-to-point network, devices at both ends of a link synchronize LSDBs with each other by flooding LSPs. The device at one end of the link sends an LSP. If the device at the other end receives this LSP, it replies with a PSNP. If the device that has sent an LSP does not receive a PSNP from the other end in a period of time, the device will retransmit the LSP.

Procedure

  • Set the maximum length for LSPs.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Set the maximum length for LSPs.

      • Run:
        lsp-length originate max-size

        The maximum length is set for each generated LSP.

      • Run:
        lsp-length receive max-size

        The maximum length is set for each received LSP.

      By default, the IS-IS system generates and receives 1497-byte LSPs.

      NOTE:

      Ensure that the value of max-size for LSPs to be generated must be smaller than or equal to the value of max-size for LSPs to be received.

      The value of max-size set through the lsp-length command must meet the following requirements; otherwise, the MTU status on the interface is considered Down.
      • The MTU of an Ethernet interface must be greater than or equal to the sum of the value of max-size and 3.

      • The MTU of a P2P interface must be greater than or equal to the value of max-size.

    4. Run:

      commit

      The configuration is committed.

  • Set the maximum lifetime for LSPs.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      timer lsp-max-age age-time

      The maximum lifetime is set for LSPs.

      By default, the maximum lifetime of LSPs is 1200 seconds.

    4. Run:

      commit

      The configuration is committed.

  • Set the refresh interval for LSPs.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      timer lsp-refresh refresh-time

      A refresh interval is set for LSPs.

      y default, the LSP refresh interval is 900s.

      NOTE:

      Ensure that the LSP refresh interval is more than 300s shorter than the maximum LSP lifetime. This allows new LSPs to reach all devices in an area before existing LSPs expire.

      The larger a network, the greater the deviation between the LSP refresh interval and the maximum LSP lifetime.

    4. Run:

      commit

      The configuration is committed.

  • Set the minimum interval at which LSPs are sent.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      isis timer lsp-throttle throttle-interval [ count count ]

      The minimum interval for sending LSPs on an IS-IS interface and the maximum number of LSPs sent within the interval is set.

      By default, the minimum interval for sending LSPs is 50 ms, and the maximum number of LSPs sent each time is 10.

    5. Run:

      commit

      The configuration is committed.

  • Configure the intelligent timer used to generate LSPs.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      timer lsp-generation max-interval [ init-interval [ incr-interval ] ] [ level-1 | level-2 ]

      The intelligent timer used to generate LSPs is set.

      If no level is configured, both Level-1 and Level-2 are configured.

      The initial delay for generating the same LSPs (or LSP fragments) is init-interval. The delay for generating the same LSPs (or LSP fragments) secondly is incr-interval. When the routes change each time, the delay for generating the same LSPs (or LSP fragments) is twice as the previous value until the delay is up to max-interval. After the delay reaches max-interval for three times or reset the IS-IS process, the interval is reduced to init-interval.

      When incr-interval is not used and generating the same LSPs (or LSP fragments) for the first time, init-interval is used as the initial delay. Then, the delay for generating the same LSPs (or LSP fragments) is max-interval. After the delay reaches max-interval for three times or the IS-IS process is reset, the interval is reduced to init-interval.

      When only max-interval is used, the intelligent timer changes into a normal one-short timer.

    4. Run:

      commit

      The configuration is committed.

  • Enable LSP fast flooding.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      isis [ process-id ]

      The IS-IS view is displayed.

    3. Run:

      flash-flood [ lsp-count | max-timer-interval interval | [ level-1 | level-2 ] ] *

      The LSP fast flooding is enabled.

      The lsp-count parameter specifies the number of LSPs flooded each time, which is applicable to all interfaces. If the number of LSPs to be sent is greater than the value of lsp-count, lsp-count takes effect. If the number of LSPs to be sent is smaller than the value of lsp-count, LSPs of the actual number are sent. If a timer is configured and the configured timer does not expire before the route calculation, the LSPs are flooded immediately when being received; otherwise, the LSPs are sent when the timer expires.

      When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast flooded by default if no level is specified.

    4. Run:

      commit

      The configuration is committed.

  • Set an interval at which LSPs are retransmitted over a P2P link.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. (Optional) Run:

      isis circuit-type p2p

      A broadcast interface is simulated as a P2P interface.

      NOTE:

      If the interface type is P2P, the step is not required.

    5. Run:

      isis timer lsp-retransmit retransmit-interval

      The interval at which LSPs are retransmitted over a P2P link is set.

      By default, the interval for retransmitting LSPs over a P2P link is 5 seconds.

    6. Run:

      commit

      The configuration is committed.

Configuring Attributes for CSNPs

Context

Complete sequence number PDUs (CSNPs) contains the summary of all the LSPs in an LSDB to ensure LSDB synchronization between neighbors. CSNPs are processed differently on broadcast and P2P links.
  • On a broadcast link, CSNPs are periodically sent by a DIS device. If a device detects that its LSDB is not synchronized with that on its neighboring, the device will send PSNPs to apply for missing LSPs.

  • On a P2P link, CSNPs are sent only during initial establishment of neighboring relationships.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    isis timer csnp csnp-interval [ level-1 | level-2 ]

    The interval at which CSNPs are sent is set on the specified interface.

    By default, the interval at which CSNPs are sent is 10 seconds.

    NOTE:

    Configure Level-1 and Level-2 only when a broadcast interface is specified.

  5. Run:

    commit

    The configuration is committed.

Setting the SPF Calculation Interval

Context

A network change always triggers IS-IS to perform SPF calculation. Frequent SPF calculation will consume excessive CPU resources, affecting services.

To solve this problem, configure an intelligent timer to control the interval for SPF calculation. For example, to speed up IS-IS route convergence, set the interval for SPF calculation to a small value and set the interval to a large value after the IS-IS network becomes stable.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    timer spf max-interval [ init-interval [ incr-interval ] ]

    The SPF intelligent timer is configured.

    By default, no SPF intelligent timer is configured and the maximum delay in SPF calculation is 5 seconds.

    The intelligent timer changes as follows:
    • The delay in the first SPF calculation is determined by init-interval; the delay in the second SPF calculation is determined by incr-interval. From the third time on, the delay in SPF calculation increases twice every time until the delay reaches the value specified by max-interval. After the delay remains at the value specified by max-interval for three times or the IS-IS process is restarted, the delay decreases to the value specified by init-interval.

    • If incr-interval is not specified, the delay in SPF calculation for the first time is determined by init-interval. From the second time on, the delay in SPF calculation is determined by max-interval. After the delay remains at the value specified by max-interval for three times or the IS-IS process is restarted, the delay decreases to the value specified by init-interval.

    • When only max-interval is specified, the intelligent timer functions as an ordinary one-time triggering timer.

  4. Run:

    commit

    The configuration is committed.

Configuring Convergence Priorities for IS-IS Routes

Context

Devices allow you to configure the highest convergence priority for specific IS-IS routes so that these IS-IS routes will be converged first when a network topology changes.

The application rules of the convergence priorities for IS-IS routes are as follows:
  • Existing IS-IS routes are converged based on the priorities configured in the ipv6 prefix-priority command.

  • New IS-IS routes are converged based on the priorities configured in the ipv6 prefix-priority command.

  • If an IS-IS route conforms to the matching rules of multiple convergence priorities, the highest convergence priority is used.

  • The convergence priority of a Level-1 IS-IS route is higher than that of a Level-2 IS-IS route.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    ipv6 prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ipv6-prefix prefix-name | tag tag-value }

    Convergence priorities are set for IS-IS routes.

    By default, the convergence priority of 32-bit host routes is medium, and the convergence priority of the other IS-IS routes is low.

    NOTE:

    The ipv6 prefix-priority command is only applicable to the public network.

    After the ipv6 prefix-priority command is run, the convergence priority of 32-bit host routes is low, and the convergence priorities of the other routes are determined as specified in the ipv6 prefix-priority command.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display isis interface [ verbose ] [ vpn-instance vpn-instance-name ] command to check IS-IS packet information.
  • Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * command to check the information of IS-IS routes.

Configuring LSP Fragment Extension

LSP fragment extension allows an IS-IS device to generate more LSP fragments to transmit more IS-IS information.

Pre-configuration Tasks

Before configuring LSP fragment extension, complete the following task:

NOTE:

When a new device connects to an IS-IS network, you are advertised to configure LSP fragment extension and virtual systems before establishing IS-IS neighbors or importing routes. If you establish IS-IS neighbors or import routes, which causes IS-IS to carry much information that cannot be loaded through 256 fragments, you must configure LSP fragment extension and virtual systems. The configurations, however, take effect only after you restart the IS-IS process.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    lsp-fragments-extend  [ [ level-1 | level-2 | level-1-2 ] | [ mode-1 | mode-2 ] ] *

    LSP fragment extension is enabled in an IS-IS process.

    By default, LSP fragment extension is disabled in an IS-IS process.

    If the mode or level is not specified during the configuration of LSP fragment extension, mode-1 and level-1-2 are used by default.

    NOTE:

    If there are devices of other manufacturers on the network, LSP fragment extension must be set to mode-1. Otherwise, devices of other manufacturers cannot identify LSPs.

  4. Run:

    virtual-system virtual-system-id

    A virtual system is configured.

    By default, no virtual system is configured.

    To configure a switch modules to generate extended LSP fragments, you must configure at least one virtual system. The ID of the virtual system must be unique in the domain.

    An IS-IS process can be configured with up to 99 virtual system IDs.

  5. Run:

    commit

    The configuration is committed.

Checking the Configuration

Run the following commands to check IS-IS process statistics.

  • display isis statistics [ level-1 | level-2 | level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]
  • display isis process-id statistics [ [ level-1 | level-2 | level-1-2 ] | [ packet ] ]

Configuring a Mesh Group on an NBMA Network

You can configure a mesh group on an NBMA network to prevent repeated LSP flooding from causing bandwidth waste.

Pre-configuration Tasks

Before configuring a mesh group, complete the following task:

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    isis mesh-group { mesh-group-number | mesh-blocked }

    The interface is added to a mesh group.

    When mesh-blocked is configured on an interface, the interface is blocked and cannot flood LSPs outside. All the interfaces added to a mesh group implement global LSDB synchronization through CSNP and PSNP mechanisms.

  5. Run:

    commit

    The configuration is committed.

Checking the Configuration

Run the following commands to check IS-IS process statistics.

  • display isis statistics [ level-1 | level-2 | level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]
  • display isis process-id statistics [ [ level-1 | level-2 | level-1-2 ] | packet ]

Configuring the Overload Bit for an IS-IS Device

If an IS-IS device needs to be temporarily isolated, configure the IS-IS device to enter the overload state to prevent other devices from forwarding traffic to this IS-IS device and prevent blackhole routes.

Pre-configuration Tasks

Before configuring the overload bit for an IS-IS device, complete the following task:

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS view is displayed.

  3. Run:

    set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1 [ timeout2 ] ] | wait-for-bgp [ timeout1 ] ] [ send-sa-bit [ timeout3 ] ] ][ allow { interlevel | external }* ]

    The overload bit for non-pseudonode LSPs is configured.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display isis lsdb [ [ level-1 | level-2 ] | verbose | [ local | lsp-id | is-name symbolic-name ] ] * [ process-id | vpn-instance vpn-instance-name ] command to check information in the IS-IS LSDB.

Configuring Dynamic IPv6 BFD for IS-IS

BFD can provide link failure detection featuring light load and high speed (at the millisecond level). With dynamic BFD, routing protocols can dynamically trigger the establishment of BFD sessions.

Applicable Environment

If the requirement for data transmission is high and IS-IS convergence needs to be accelerated when the link status changes, you can configure dynamic BFD on IS-IS links.

Dynamic BFD needs to be configured based on the actual network environment. If the time parameters are set improperly, network flapping may occur.

Pre-configuration Tasks

Before configuring dynamic IPv6 BFD for IS-IS, complete the following tasks:

Configuration Procedures
Figure 7-90 Flowchart for configuring dynamic IPv6 BFD for IS-IS

Configuring BFD Globally

Before configuring dynamic BFD for IS-IS, you need to enable BFD globally.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    bfd

    BFD is configured globally.

  3. Run:

    commit

    The configuration is committed.

Configuring IPv6 BFD for IS-IS Processes

By configuring IPv6 BFD for an IS-IS process, you can set parameters for dynamic BFD sessions and enable dynamic IPv6 BFD for IS-IS on all IS-IS interfaces.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis process-id

    The IS-IS view is displayed.

  3. Run:

    ipv6 bfd all-interfaces enable

    IPv6 BFD is enabled in the IS-IS process to establish BFD sessions.

    When global IPv6 BFD is enabled in the IS-IS process and the neighbor IPv6 status is Up, IS-IS adopts default BFD parameters to establish BFD sessions on all the interfaces.

  4. (Optional) Run:

    ipv6 bfd all-interfaces { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier multiplier-value | frr-binding } *

    IPv6 BFD parameters are configured for setting up BFD sessions.

    • min-rx-interval receive-interval: specifies the minimum interval at which BFD packets are received from the peer end.

    • min-tx-interval transmit-interval: specifies the minimum interval at which BFD packets are sent to the peer end.

    • detect-multiplier multiplier-value: specifies the local detection time multiplier, which determines the neighbor holdtime.

    • frr-binding: indicates that the status of the IPv6 BFD session is bound to IPv6 IS-IS Auto FRR.

  5. Run:

    commit

    The configuration is committed.

(Optional) Preventing an Interface from Dynamically Establishing an IPv6 BFD Session

You can disable certain IS-IS interfaces from dynamically establishing IPv6 BFD sessions.

Context

After the ipv6 bfd all-interfaces enable command is used for an IS-IS process on a P2P network, all IS-IS interfaces whose neighbors are Up establish dynamic BFD sessions; all IS-IS interfaces whose neighbors are Up on a broadcast network establish BFD sessions between DISs and non-DISs. If you do not expect certain IS-IS interfaces to establish dynamic BFD sessions, you can disable these interfaces from dynamically establishing BFD sessions. Do as follows to disable the specified interface from dynamically establishing BFD sessions:

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    isis ipv6 bfd block

    The interface is prevented from dynamically establishing a BFD session.

  4. Run:

    commit

    The configuration is committed.

(Optional) Configuring IPv6 BFD for a Specified Interface

You can configure IPv6 BFD parameters on a specified interface. The priority of IPv6 BFD parameters on an interface is higher than that of IPv6 BFD parameters in the process.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    isis ipv6 bfd enable

    IPv6 BFD is enabled on the interface to establish IPv6 BFD sessions.

    After IPv6 BFD is globally enabled in an IS-IS process, default IPv6 BFD parameters are used for establishing IPv6 BFD sessions.

  4. (Optional) Run:

    isis ipv6 bfd { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier multiplier-value | frr-binding } *

    IPv6 BFD parameters are configured for setting up BFD sessions.

    NOTE:

    The priority of IPv6 BFD configured on an interface is higher than that of IPv6 BFD configured for a process. That is, if BFD is also enabled on an interface, the parameters on the interface are preferentially used to establish a dynamic BFD session.

  5. Run:

    commit

    The configuration is committed.

Checking the Configuration

After configuring dynamic IPv6 BFD for IS-IS, you can check information about the BFD session and dynamic BFD for IS-IS on an interface.

Prerequisites

The configurations of dynamic IPv6 BFD for IS-IS are complete.

Procedure

  • Run the display isis ipv6 bfd [ process-id | vpn-instance vpn-instance-name ] session { all | peer ipv6-address } command to check information about an IPv6 BFD session for IS-IS.
  • Run the display isis ipv6 bfd [ process-id | vpn-instance vpn-instance-name ] interface command to check the information about an interface enabled with IPv6 BFD for IS-IS.

Configuring IPv6 IS-IS Auto FRR

Applicable Environment

As the network keeps developing, services such as Voice over IP (VoIP) and on-line video services require high-quality real-time transmission. Nevertheless, if an IS-IS fault occurs, traffic can be switched to a new link only after the following processes: fault detection, LSP update, LSP flooding, route calculation, and FIB entry delivery. As a result, traffic is interrupted for much more than 50 ms, which cannot meet the requirement for real-time services on the network.

With IPv6 IS-IS Auto FRR, devices can rapidly switch traffic from faulty links to backup links without interrupting the traffic. This protects traffic and greatly improves the reliability of IS-IS networks.

IPv6 IS-IS Auto FRR is applicable to the services that are very sensitive to packet delay and packet loss.

Pre-configuration Tasks

Before configuring IPv6 IS-IS Auto FRR, complete the following task:

Configuring Basic IPv6 IS-IS Functions

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    isis [ process-id ]

    The IS-IS process is enabled and the IS-IS view is displayed.

  3. Run:

    ipv6 frr

    The IS-IS IPv6 FRR view is displayed.

  4. Run:

    loop-free-alternate [ level-1 | level-2 | level-1-2 ]

    IPv6 IS-IS Auto FRR is enabled and the loop-free backup route is created.

    If the IS-IS level is not specified, IPv6 IS-IS Auto FRR is enabled on Level-1 and Level-2 to create the backup route.

  5. Run:

    commit

    The configuration is committed.

Checking the Configuration

Run the display isis route [ process-id | vpn-instance vpn-instance-name ] ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * command to check information about the primary link and backup link after IPv6 IS-IS Auto FRR is enabled.

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 59658

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next