IS-IS Route Leaking
An IS-IS routing domain is partitioned into multiple Level 1 (L1) areas and a Level 2 (L2) area that interconnects all of the L1 areas. Within each L1 area, all routers exchange link state information. L2 routers also exchange L2 link state information to compute routes between areas. For IP destinations that do not match any prefix in the L1 database, an L1 router forwards packets to the nearest router that is in both L1 and L2, i.e. an L1/L2 router.
RFC 1195 defines two TLVs for carrying IP prefixes. TLV 128, the IP Internal Reachability Information TLV, is used to carry prefixes that are directly connected to IS-IS routers. TLV 130, the IP External Reachability Information TLV, is used to carry routes learned from outside of the IS-IS domain, i.e. L2 LSPs. L1/L2 routers can advertise IP routes that were learned via L1 routing into L2. These routes are regarded as inter-area routes. These L1 --> L2 inter-area routes are advertised in L2 LSPs in the IP Internal Reachability TLV. Intra-area L2 routes are also advertised in L2 LSPs in the IP Internal Reachability TLV. Thus, L1 --> L2 inter-area routes and L2 intra-area routes are indistinguishable.
RFC 2966 documents domain-wide prefix distribution. It describes various drivers for L2 --> L1 inter-area routes; the prime reason, however, is to let L1 routers choose an appropriate L1/L2 router for forwarding packets to destinations outside an L1 area when multiple L1/L2 routers are present. This scenario is demonstrated in this article.
As per RFC 2966, an L1/L2 router advertises routes learned via L2 routing into the L1 area in L1 LSPs. To prevent routing loops, the RFC defines the up/down bit so that an L1/L2 router does not advertise L2 --> L1 inter-area routes back into L2. The L2 --> L1 inter-area routes are advertised in the IP Internal Reachability TLV (TLV 128) in L1 LSPs. The metric-type is set to internal.
The following packet capture shows an L1 LSP with up/down bit in TLV 128.
Sample Scenario
The topology in figure 1 will be used to demonstrate route leaking in IS-IS. Notice the IS-IS metric between R1 and R2 is 20 while the metric between R1 and R3 is 15.
Before Route Leaking
The configuration of routers is as below:
R1 and R2 Configuration
R1 Router
interface Loopback 0
 ip address 1.1.1.1 255.255.255.255
 ip router isis
!
interface Serial 0/0
 ip address 10.12.1.1 255.255.255.0
 ip router isis
 isis metric 20
!
interface Serial 0/1
 ip address 10.13.1.1 255.255.255.0
 ip router isis
 isis metric 15
!
router isis
 net 49.0001.0000.0000.0001.00
 is-type level-1
!
R2 Router
interface Serial 0/0
 ip address 10.12.1.2 255.255.255.0
 ip router isis
 isis metric 20
!
interface Fa 0/0
 ip address 10.24.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0000.0000.0002.00
!
R3, R4 and R5 Configuration
R3 Router
interface Serial 0/0
 ip address 10.13.1.2 255.255.255.0
 ip router isis
 isis metric 15
!
interface Fa 0/0
 ip address 10.35.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0000.0000.0003.00
!
R4 Router
interface Fa 0/0
 ip address 10.24.1.2 255.255.255.0
 ip router isis
!
interface Fa 0/1
 ip address 10.45.1.1 255.255.255.0
 ip router isis
!
router isis
 net 50.0001.0000.0000.0004.00
 is-type level-2-only
!
R5 Router
interface Fa 0/0
 ip address 10.35.1.2 255.255.255.0
 ip router isis
!
interface Fa 0/1
 ip address 10.45.1.2 255.255.255.0
 ip router isis
!
router isis
 net 50.0001.0000.0000.0005.00
 is-type level-2-only
!
R2 and R3 form Level-2 (L2) adjacencies with R4 and R5, respectively. R2 and R3 learn about the 172.16.x.0/24 routes in L2 LSPs.
Prefixes learned by R2 and R3
R2# show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R4 L2 Fa0/0 10.24.1.2 UP 9 R4.01
R1 L1 Se0/0 10.12.1.1 UP 24 00
R2# show ip route isis
1.0.0.0/32 is subnetted, 1 subnets
i L1 1.1.1.1 [115/30] via 10.12.1.1, Serial0/0
172.16.0.0/24 is subnetted, 4 subnets
i L2 172.16.10.0 [115/30] via 10.24.1.2, FastEthernet0/0
i L2 172.16.1.0 [115/20] via 10.24.1.2, FastEthernet0/0
i L2 172.16.2.0 [115/20] via 10.24.1.2, FastEthernet0/0
i L2 172.16.3.0 [115/20] via 10.24.1.2, FastEthernet0/0
10.0.0.0/24 is subnetted, 5 subnets
i L1 10.13.1.0 [115/35] via 10.12.1.1, Serial0/0
i L2 10.45.1.0 [115/20] via 10.24.1.2, FastEthernet0/0
i L2 10.35.1.0 [115/30] via 10.24.1.2, FastEthernet0/0
R3# show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R5 L2 Fa0/0 10.35.1.2 UP 9 R5.02
R1 L1 Se0/0 10.13.1.1 UP 28 01
R3# show ip route isis
1.0.0.0/32 is subnetted, 1 subnets
i L1 1.1.1.1 [115/25] via 10.13.1.1, Serial0/0
172.16.0.0/24 is subnetted, 4 subnets
i L2 172.16.10.0 [115/20] via 10.35.1.2, FastEthernet0/0
i L2 172.16.1.0 [115/30] via 10.35.1.2, FastEthernet0/0
i L2 172.16.2.0 [115/30] via 10.35.1.2, FastEthernet0/0
i L2 172.16.3.0 [115/30] via 10.35.1.2, FastEthernet0/0
10.0.0.0/24 is subnetted, 5 subnets
i L1 10.12.1.0 [115/35] via 10.13.1.1, Serial0/0
i L2 10.24.1.0 [115/30] via 10.35.1.2, FastEthernet0/0
i L2 10.45.1.0 [115/20] via 10.35.1.2, FastEthernet0/0
Since R2 and R3 realize that they are connected to one or more IS-IS areas, they set the Attached bit in the L1 LSPs they send to R1. R1 creates a default route with R3 as the next hop because the metric to reach R3 is 15, while the metric to reach R2 is 20.
R1's IS-IS Database and routing table
R1# show isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 * 0x0000000A 0x4F99 609 0/0/0
R2.00-00 0x00000009 0x2197 1156 1/0/0
R3.00-00 0x00000004 0x2D96 1167 1/0/0
R1# show ip route isis
i*L1 0.0.0.0/0 [115/15] via 10.13.1.2, Serial0/1
The traceroute to one of the destinations on R4 router proves that R3 is chosen as the next-hop by R1. Notice the path R1-R3-R5-R4.
Traceroute output
R1# traceroute 172.16.1.1
Type escape sequence to abort.
Tracing the route to 172.16.1.1
1 10.13.1.2 56 msec 32 msec 52 msec
2 10.35.1.2 116 msec 44 msec 136 msec
3 10.45.1.1 124 msec 148 msec *
After Route Leaking
Because destinations in other areas are invisible to it, R1 (an L1 router) could not take the optimal path to the destination on R4. R1 could have chosen R2 as the next hop if R2 had advertised those prefixes to R1. To achieve this, route leaking can be performed on R2 using the redistribute isis ip level-2 into level-1 distribute-list <extended_acl> command under the IS-IS configuration. The extended ACL permits the prefixes to be redistributed into L1 from L2.
Route Leaking Configuration on R2
router isis
 net 49.0001.0000.0000.0002.00
 log-adjacency-changes
 redistribute isis ip level-2 into level-1 distribute-list 100
!
access-list 100 permit ip 172.16.1.0 0.0.0.255 any
access-list 100 permit ip 172.16.2.0 0.0.0.255 any
access-list 100 permit ip 172.16.3.0 0.0.0.255 any
!
This causes R2 to advertise the L2 prefixes permitted by ACL 100 into L1 routing. R2 will advertise these prefixes in its L1 LSP in TLV 128 with distribution set to DOWN. The code ia indicates that the prefixes are L2 --> L1 inter-area routes.
Inter-area routes installed in R1's routing table
R1# show ip route isis
172.16.0.0/24 is subnetted, 3 subnets
i ia 172.16.1.0 [115/168] via 10.12.1.2, Serial0/0
i ia 172.16.2.0 [115/168] via 10.12.1.2, Serial0/0
i ia 172.16.3.0 [115/168] via 10.12.1.2, Serial0/0
i*L1 0.0.0.0/0 [115/15] via 10.13.1.2, Serial0/1
A similar traceroute from R1 to R4 now shows that R2 is used as the next-hop. Hence, an optimal path R1-R2-R4 is taken.
Traceroute output
R1# traceroute 172.16.1.1
Type escape sequence to abort.
Tracing the route to 172.16.1.1
1 10.12.1.2 132 msec 72 msec 28 msec
2 10.24.1.2 168 msec 136 msec *
Note: R1 will re-advertise these inter-area prefixes to R3 using L1 routing, but since the DOWN bit is set for these prefixes, R3 will not advertise them back into the L2 area. Hence, routing loops are prevented.
metric-style command
Notice that the metric value for inter-area routes is calculated incorrectly. The metric-type determines the base metric value of the redistributed routes. The metric value of internal metric-type will be between 1 and 63. The metric value of external metric-type will be between 64 and 128. The base value for internal metric-type is 0, while the base value for external metric-type is 64.
In this case, the routers are calculating the metric using narrow metrics. Narrow metric means that only 6 bits are used to represent a metric (hence, the maximum metric value is 2^6 = 64). To calculate the metric properly, the wide metric-style must be used, which introduces a new TLV 135 with 24 bits to represent the metric.
Wide metric can be enabled on all routers using the command metric-style wide under IS-IS configuration. The routing table of R1 now shows correct metric value.
R1's routing table
R1# show ip route isis
172.16.0.0/24 is subnetted, 3 subnets
i ia 172.16.1.0 [115/40] via 10.12.1.2, Serial0/0
i ia 172.16.2.0 [115/40] via 10.12.1.2, Serial0/0
i ia 172.16.3.0 [115/40] via 10.12.1.2, Serial0/0
i*L1 0.0.0.0/0 [115/15] via 10.13.1.2, Serial0/1
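The default-metric octet of TLV 128 discussed above (up/down bit, I/E bit, 6-bit narrow metric) can be decoded as in the following added example, which is not part of the original article. The sample TLV is constructed: it assumes R2 leaks the three prefixes with its own L2 metric of 20 and the down bit set. Reading the whole octet as a metric gives 148 + 20 = 168 and decoding it gives 20 + 20 = 40, matching the two routing tables above; that R1 arrived at 168 this way is an inference from the arithmetic, not something the article states.

```python
import ipaddress
import struct

# Default-metric octet of a TLV 128 entry after RFC 2966:
# bit 8 = up/down, bit 7 = I/E, bits 6-1 = narrow metric.
UP_DOWN, I_E, METRIC_MASK = 0x80, 0x40, 0x3F
LINK_R1_R2 = 20  # "isis metric 20" on R1 Serial 0/0 (from the article)

def parse_tlv128(tlv: bytes):
    """Decode an IP Internal Reachability TLV into one dict per prefix."""
    if len(tlv) < 2 or tlv[0] != 128:
        raise ValueError("not TLV 128")
    body = tlv[2:2 + tlv[1]]
    if len(body) != tlv[1] or len(body) % 12:
        raise ValueError("truncated TLV or partial 12-byte entry")
    entries = []
    for off in range(0, len(body), 12):
        # default, delay, expense, error metric octets, then address and mask
        octet, _d, _x, _e, addr, mask = struct.unpack_from("!4B4s4s", body, off)
        net = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}")
        entries.append({"prefix": str(net), "raw_octet": octet,
                        "down": bool(octet & UP_DOWN),
                        "external": bool(octet & I_E),
                        "metric": octet & METRIC_MASK})
    return entries

def eligible_for_l2(entries):
    """Loop prevention: prefixes marked down must not go from L1 back to L2."""
    return [e["prefix"] for e in entries if not e["down"]]

def path_metrics(entry, link=LINK_R1_R2):
    """(octet taken whole as the metric, RFC 2966 decode), each plus the link."""
    return entry["raw_octet"] + link, entry["metric"] + link

def _entry(octet, prefix):
    # Constructed sample entry; 0x80 marks the optional metrics unsupported.
    net = ipaddress.ip_network(prefix)
    return (bytes([octet, 0x80, 0x80, 0x80])
            + net.network_address.packed + net.netmask.packed)

# Constructed TLV as R2 might send it in its L1 LSP: one connected prefix and
# the three leaked prefixes with metric 20 and the down bit set (0x94 = 148).
_body = _entry(20, "10.12.1.0/24") + b"".join(
    _entry(UP_DOWN | 20, f"172.16.{n}.0/24") for n in (1, 2, 3))
SAMPLE_TLV = bytes([128, len(_body)]) + _body

if __name__ == "__main__":
    for e in parse_tlv128(SAMPLE_TLV):
        print(e, path_metrics(e))
    print("may be advertised into L2:", eligible_for_l2(parse_tlv128(SAMPLE_TLV)))
```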
The following packet capture shows the new TLV 135 known as IP-Extended TLV.