IS-IS

Intermediate System to Intermediate System (IS-IS, also written ISIS) is a routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices. It accomplishes this by determining the best route for data through a packet switching network.

The IS-IS protocol is defined in ISO/IEC 10589:2002^[2][3] as an international standard within the Open Systems Interconnection (OSI) reference design.

In 2005, IS-IS was called "the de facto standard for large service provider network backbones".^[4]

IS-IS is an interior gateway protocol, designed for use within an administrative domain or network. This is in contrast to exterior gateway protocols, primarily Border Gateway Protocol (BGP), which is used for routing between autonomous systems.^[5]

IS-IS is a link-state routing protocol, operating by reliably flooding link state information throughout a network of routers. Each IS-IS router independently builds a database of the network's topology, aggregating the flooded network information. Like the OSPF protocol, IS-IS uses Dijkstra's algorithm for computing the best path through the network. Packets (datagrams) are then forwarded, based on the computed ideal path, through the network to the destination.

The IS-IS protocol was developed by a team of people working at Digital Equipment Corporation as part of DECnet Phase V.

The Internet Engineering Task Force (IETF) published IS-IS in 1990^[6], but that RFC was later retracted and marked as historic^[7] because it republished a draft rather than a final version of the International Organization for Standardization (ISO) standard, causing confusion.

The protocol was standardized by ISO in 1992 as ISO 10589, for communication between network devices that are termed Intermediate Systems (as opposed to end systems or hosts) by the ISO. The purpose of IS-IS was to make the routing of datagrams possible using the ISO-developed OSI protocol stack called Connectionless-mode Network Service (CLNS). IS-IS was developed at roughly the same time that the Internet Engineering Task Force IETF was developing a similar protocol called OSPF. IS-IS was later extended to support routing of datagrams in the Internet Protocol (IP), the network-layer protocol of the global Internet. This version of the IS-IS routing protocol was then called Integrated IS-IS.^[8]

In IS-IS world there is slightly different terminology which comes from ISO wording. Below is the ISO terminology and its counterpart which is widely used in standards and related documentation.

• Intermediate system - router
• Designated intermediate system - designated router
• End system - host
• Circuit - link
• Adjacency - neighborship

Compared to OSPF, IS-IS has only two circuit types - broadcast (LAN) and P2P. Therefore, designs such as P2MP are unavailable in IS-IS.

IS-IS adjacency can be either broadcast or point-to-point.

IS-IS Hello PDU (IIH)

The IS-IS hello packets needs to be exchanged periodically between 2 routers to establish adjacency. Based on the negotiation, one of them will be selected as DIS (Designated IS). This hello packet will be sent separately for Level-1 or Level-2.: There are 3 IS-IS hello packets depending on the circuit type -

• LAN L1 (PDU type 15)
• LAN L2 (PDU type 16)
• P2P (PDU type 17). As can be seen, on point-to-point links there are no separate hello packets per level, while on broadcast links - there are.

Link State PDU (LSP)

This contains the actual route information. This LSP can contain many type–length–values (TLVs). LSP header is called LSP ID and consists of System ID, Pseudonode ID and Fragment ID. : In example of LSP ID 1921.6820.0002.02-01

• 1921.6820.0002 is System ID (that generated this LSP),
• 02 is Pseudonode ID,
• 01 is Fragment ID.

If Pseudonode ID is equal to zero, then this is a real intermediate system. Any value different from zero means that this LSP is generated by DIS (Pseudonode).

If LSP is too big, then it gets fragmented. In order to indicate this, Fragment ID is used. If Fragment ID is equal to zero, then no fragmentation has occurred.

Complete Sequence Number PDU (CSNP)

This packet will be sent only by the DIS. By default, for every 10 seconds, CSNP packet will be transmitted by DIS. This will contain the list of LSP IDs along with sequence number and checksum.

Partial Sequence Number PDU (PSNP)

If the router which receives CSNP packet finds some discrepancy in its own database, it will send an PSNP request asking the DIS to send specific LSP back to it.

From regular TCP/IP world we are used to know that each Layer 3 interface (including loopback) has its own IPv4 or IPv6 address. The most important point is that loopback interface always stays up (unless deleted) compared to physical or logical interfaces.

Therefore, ISO choose a different approach - instead of assigning layer 3 address to each interface, single address is assigned to loopback interface, while other interfaces are considered as unnumbered. This single address is called NET (Network Entity Title).

On a single intermediate system there can be up to 3 NET addresses. This is useful during migration from one area to another.

NET consists of Area, System ID and NSEL. Area itself consists of AFI (Address Family Identifier) and Area ID.

Area can have variable length of 1 - 13 bytes, System ID is 6 bytes and NSEL - 1 byte.

Let's check on an example NET of 49.0100.1921.6821.1138.00. Here,

• 49 is AFI, and in case of 49 it means "private address space", similar to RFC1918 for IPv4.,
• 0100 is Area ID,
• 49.0100 is Area,
• 1921.6821.1138 is System ID,
• 00 is NSEL, which must be zero. If not zero, then no IS-IS adjacency is formed.

In IS-IS there is conception of areas, but here it works differently from OSPF. First of all, in contrary to OSPF, in IS-IS area is terminated on router, not link.

In IS-IS, backbone area consists of contiguous Level 2 routers. Level 1 areas can be thought of stub areas in OSPF, where very limited reachability information is available. Level 2/Level 1 routers act like area border routers (ABRs) between Level 1 routers and Level 2 routers by keeping two databases - Level 1 database and Level 2 database.

Here is very important role of Level 2/ Level 1 - if it is connected to Level 2 router in other area, then it sets ATT (ATTached bit) in its Level 1 LSP. Level 1 routers which receive this LSP (with ATT bit) add default route to originator of this LSP. This is different from OSPF, where ABR generates default route to stub area routers and send it via LSA 3.

Compared to OSPF, in IS-IS rules of adjacency formation are much simpler.

• L1 router cannot form any adjacency with L2 router under any conditions.
• L1 router can form L1 adjacency with other L1 router if their areas match.
• L1 router can form L1 adjacency with L2/L1 router if their areas match.
• L2 router can form L2 adjacency with other L2 router regardless of their areas (they don't need to match).
• L2 router can form L2 adjacency with other L2/L1 router regardless of their areas (they don't need to match).
• L2/L1 router can form only L2 adjacency with other L2/L1 router if their areas don't match.
• L2/L1 router can form both L2 and L1 adjacency with other L2/L1 router if their areas match.

On broadcast networks IS-IS is prone to issue, similar to OSPF, when all routers on the broadcast segment need to form adjacency and exchange LSPs. Therefore, number of LSPs increase in square.

In order to overcome this issue, on each LAN segment a designated intermediate system (DIS) is elected. The router with the highest priority and System ID wins. But, if a new router shows up and has better priority or System ID, then it is elected as a new DIS.

Elected DIS router is a pseudonode, which uses resources (including System ID) of one real router. DIS describes adjacency between routers in the broadcast segment in hub-spoke manner, where DIS is the hub while other routers (including router, promoted to DIS) are spokes.

Pseudonode ID in LSPs, originated from DIS, always have Pseudonode ID field different from zero.

All routers on the LAN segment form adjacency with only DIS and exchanges LSPs with it.

The function of DIS is to send periodic CSNPs on the LAN segment and reply to PSNPs from other routers. In case of DIS failure a new DIS will be elected in the segment. The role of DIS is not as critical as of DR in OSPF. That's why there is no backup DIS (BDIS) elected in IS-IS compared to BDR in OSPF.

IS-IS supports both simple password and MD5 authentication types. In IS-IS, per-level or per-interface authentication is possible.

In addition, to protect from replay attack, IS-IS uses increasing Sequence number in IIH.

IS-IS is also used as the control plane for IEEE 802.1aq Shortest Path Bridging (SPB). SPB allows for shortest-path forwarding in an Ethernet mesh network context utilizing multiple equal cost paths. This permits SPB to support large Layer 2 topologies, with fast convergence, and improved use of the mesh topology.^[9] Combined with this is single point provisioning for logical connectivity membership. IS-IS is therefore augmented with a small number of TLVs and sub-TLVs, and supports two Ethernet encapsulating data paths, 802.1ad Provider Bridges and 802.1ah Provider Backbone Bridges. SPB requires no state machine or other substantive changes to IS-IS, and simply requires a new Network Layer Protocol Identifier (NLPID) and set of TLVs. This extension to IS-IS is defined in the IETF proposed standard RFC 6329.

• Fabric Shortest Path First (FSPF)
• Transparent Interconnection of Lots of Links (TRILL)

• IS-IS standard (ISO/IEC 10589:2002, Second Edition) – free-of-charge PDF version
• OSPF and IS-IS: A Comparative Anatomy by Dave Katz, Juniper
• Collection of RFCs pertaining to IS-IS Archived 2013-06-02 at the Wayback Machine
• IS-IS and OSPF difference discussion (Vishwas Manral, Manav Bhatia and Yasuhiro Ohara)
• Google Quagga IS-IS implementation
• Sample isisd.conf file: used with Quagga