Date created: 02/03/18 09:36:28. Last modified: 06/29/18 10:37:45

ISIS Basics

The following test IS-IS topology is buit on a single vMX running Junos 17.3R1.10, using logical systems:

 

The IS-IS config is below. By default a router with a Level2 link will advertise a default route to routers it has a Level1-only adjacency to (e.g. LS2 advertises a default route to LS1, LS3 advertises a default route to LS4). LS2 and LS3 are using an export policy to only advertise loopback prefixes to all neighbours. LS2 will advertise it's own loopback and LS1 loopback IPs to LS3. LS3 will advertise it's own loopback and LS4 loopback IPs to LS2. LS2 however, is only advertising it's own IP to LS1, the other loopback IPs it knows about (LS3 and LS4) are outside of the local area (0001). LS1 uses the default route from LS2 to reach these IPs.

set logical-systems LS1 interfaces ge-0/0/0 unit 1 vlan-id 1
set logical-systems LS1 interfaces ge-0/0/0 unit 1 family inet address 10.0.12.0/31
set logical-systems LS1 interfaces ge-0/0/0 unit 1 family iso # Enabled IS-IS at the data plan.
set logical-systems LS1 interfaces ge-0/0/0 unit 1 family inet6 address abcd:10:12::1/64
set logical-systems LS1 interfaces lo0 unit 1 family inet address 1.0.0.1/32
set logical-systems LS1 interfaces lo0 unit 1 family iso address 49.0001.0100.0001.0000.00 # At least one NET address is required on any interface, Loopback preferred.
set logical-systems LS1 interfaces lo0 unit 1 family inet6 address ::ffff:1:0:0:1/128
set logical-systems LS1 protocols isis traceoptions file isis-trace # This is too much logging for production
set logical-systems LS1 protocols isis traceoptions file size 10k   # and 10k wraps regularly with this volume
set logical-systems LS1 protocols isis traceoptions flag all        # of log entires.
set logical-systems LS1 protocols isis reference-bandwidth 1000g  # 1Tbps is the highest supported.
set logical-systems LS1 protocols isis topologies ipv6-unicast   # IPv6 Unicast must be explicitly enabled, IPv4 Unicast is enabled by default.
set logical-systems LS1 protocols isis overload timeout 120   # No "wait-for-bgp" like Cisco, so tweak as required.
set logical-systems LS1 protocols isis overload advertise-high-metrics # Link as still available during a failure of primary path.
set logical-systems LS1 protocols isis level 2 disable      # Make this a Level1 router only
set logical-systems LS1 protocols isis level 1 authentication-key "$9$M3F8xds2aZUHYg"
set logical-systems LS1 protocols isis level 1 authentication-type md5
set logical-systems LS1 protocols isis level 1 wide-metrics-only
set logical-systems LS1 protocols isis interface ge-0/0/0.1 hello-padding strict   # Highest overhead, useful if using 3rd party layer 2 links.
set logical-systems LS1 protocols isis interface ge-0/0/0.1 point-to-point   # Disable LAN IIH PDUs and use p-t-p IIH PDUs instead.
# set logical-systems LS1 protocols isis interface ge-0/0/0.1 checksum # Checksum can't be used on the same interface as MD5 authentication.
set logical-systems LS1 protocols isis interface lo0.1    # Enable the interface with the NET address, loopbacks automatically enter passive mode.
set logical-systems LS1 routing-options router-id 1.0.0.1
set logical-systems LS2 interfaces ge-0/0/1 unit 1 vlan-id 1
set logical-systems LS2 interfaces ge-0/0/1 unit 1 family inet address 10.0.12.1/31
set logical-systems LS2 interfaces ge-0/0/1 unit 1 family iso
set logical-systems LS2 interfaces ge-0/0/1 unit 1 family inet6 address abcd:10:12::2/64
set logical-systems LS2 interfaces ge-0/0/2 unit 2 vlan-id 2
set logical-systems LS2 interfaces ge-0/0/2 unit 2 family inet address 10.0.23.0/31
set logical-systems LS2 interfaces ge-0/0/2 unit 2 family iso
set logical-systems LS2 interfaces ge-0/0/2 unit 2 family inet6 address abcd:10:23::1/64
set logical-systems LS2 interfaces ge-0/0/4 unit 4 vlan-id 4
set logical-systems LS2 interfaces ge-0/0/4 unit 4 family inet address 10.0.23.2/31
set logical-systems LS2 interfaces ge-0/0/4 unit 4 family iso
set logical-systems LS2 interfaces ge-0/0/4 unit 4 family inet6 address abcd:10:23:2::1/64
set logical-systems LS2 interfaces lo0 unit 2 family inet address 1.0.0.2/32
set logical-systems LS2 interfaces lo0 unit 2 family iso address 49.0001.0100.0002.0000.00
set logical-systems LS2 interfaces lo0 unit 2 family inet6 address ::ffff:1:0:0:2/128
set logical-systems LS2 protocols isis traceoptions file isis-trace
set logical-systems LS2 protocols isis traceoptions file size 10k
set logical-systems LS2 protocols isis traceoptions flag all
set logical-systems LS2 protocols isis export IS-IS-Loopbacks-Only  # Filter prefix advertisements to loopbacks only.
set logical-systems LS2 protocols isis reference-bandwidth 1000g
set logical-systems LS2 protocols isis topologies ipv6-unicast
set logical-systems LS2 protocols isis overload timeout 120
set logical-systems LS2 protocols isis overload advertise-high-metrics
set logical-systems LS2 protocols isis level 2 authentication-key "$9$xuWNVYoJDikPaZ"
set logical-systems LS2 protocols isis level 2 authentication-type md5
set logical-systems LS2 protocols isis level 2 wide-metrics-only
set logical-systems LS2 protocols isis level 1 authentication-key "$9$vKEWX-wYoJGis2"   # Default is Level1 and Level2 are both enabled,
set logical-systems LS2 protocols isis level 1 authentication-type md5                  # without explicitly disabling one level then
set logical-systems LS2 protocols isis level 1 wide-metrics-only                        # the default mode is mixed Level1/2 router.
set logical-systems LS2 protocols isis interface ge-0/0/1.1 hello-padding strict
set logical-systems LS2 protocols isis interface ge-0/0/1.1 point-to-point
set logical-systems LS2 protocols isis interface ge-0/0/1.1 checksum
set logical-systems LS2 protocols isis interface ge-0/0/2.2 hello-padding strict
set logical-systems LS2 protocols isis interface ge-0/0/2.2 point-to-point
set logical-systems LS2 protocols isis interface ge-0/0/2.2 level 1 disable   # Backbone links become Level2 only.
set logical-systems LS2 protocols isis interface ge-0/0/4.4 hello-padding strict
set logical-systems LS2 protocols isis interface ge-0/0/4.4 point-to-point
set logical-systems LS2 protocols isis interface ge-0/0/4.4 level 1 disable
set logical-systems LS2 protocols isis interface lo0.2
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 1 from family inet
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 1 from route-filter 1.0.0.0/24 orlonger
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 1 then accept
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 2 from family inet6
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 2 from route-filter ::ffff:1:0:0:0/64 orlonger
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 2 then accept
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 1000 then trace
set logical-systems LS2 policy-options policy-statement IS-IS-Loopbacks-Only term 1000 then reject
set logical-systems LS2 routing-options router-id 1.0.0.2
set logical-systems LS3 interfaces ge-0/0/3 unit 2 vlan-id 2
set logical-systems LS3 interfaces ge-0/0/3 unit 2 family inet address 10.0.23.1/31
set logical-systems LS3 interfaces ge-0/0/3 unit 2 family iso
set logical-systems LS3 interfaces ge-0/0/3 unit 2 family inet6 address abcd:10:23::2/64
set logical-systems LS3 interfaces ge-0/0/5 unit 4 vlan-id 4
set logical-systems LS3 interfaces ge-0/0/5 unit 4 family inet address 10.0.23.3/31
set logical-systems LS3 interfaces ge-0/0/5 unit 4 family iso
set logical-systems LS3 interfaces ge-0/0/5 unit 4 family inet6 address abcd:10:23:2::2/64
set logical-systems LS3 interfaces ge-0/0/6 unit 6 vlan-id 6
set logical-systems LS3 interfaces ge-0/0/6 unit 6 family inet address 10.0.34.0/31
set logical-systems LS3 interfaces ge-0/0/6 unit 6 family iso
set logical-systems LS3 interfaces ge-0/0/6 unit 6 family inet6 address abcd:10:34::1/64
set logical-systems LS3 interfaces lo0 unit 3 family inet address 1.0.0.3/32
set logical-systems LS3 interfaces lo0 unit 3 family iso address 49.0002.0100.0003.0000.00
set logical-systems LS3 interfaces lo0 unit 3 family inet6 address ::ffff:1:0:0:3/128
set logical-systems LS3 protocols isis traceoptions file isis-trace
set logical-systems LS3 protocols isis traceoptions file size 10k
set logical-systems LS3 protocols isis traceoptions flag all
set logical-systems LS3 protocols isis export IS-IS-Loopbacks-Only
set logical-systems LS3 protocols isis reference-bandwidth 1000g
set logical-systems LS3 protocols isis topologies ipv6-unicast
set logical-systems LS3 protocols isis overload timeout 120
set logical-systems LS3 protocols isis overload advertise-high-metrics
set logical-systems LS3 protocols isis level 1 authentication-key "$9$77-b2aZjHqfJG"
set logical-systems LS3 protocols isis level 1 authentication-type md5
set logical-systems LS3 protocols isis level 1 wide-metrics-only
set logical-systems LS3 protocols isis level 2 authentication-key "$9$7X-b2aZjHqfJG"
set logical-systems LS3 protocols isis level 2 authentication-type md5
set logical-systems LS3 protocols isis level 2 wide-metrics-only
set logical-systems LS3 protocols isis interface ge-0/0/3.2 hello-padding strict
set logical-systems LS3 protocols isis interface ge-0/0/3.2 point-to-point
set logical-systems LS3 protocols isis interface ge-0/0/3.2 level 1 disable
set logical-systems LS3 protocols isis interface ge-0/0/5.4 hello-padding strict
set logical-systems LS3 protocols isis interface ge-0/0/5.4 point-to-point
set logical-systems LS3 protocols isis interface ge-0/0/5.4 level 1 disable
set logical-systems LS3 protocols isis interface ge-0/0/6.6 hello-padding strict
set logical-systems LS3 protocols isis interface ge-0/0/6.6 point-to-point
set logical-systems LS3 protocols isis interface lo0.3
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 1 from family inet
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 1 from route-filter 1.0.0.0/24 orlonger
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 1 then accept
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 2 from family inet6
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 2 from route-filter ::ffff:1:0:0:0/64 orlonger
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 2 then accept
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 1000 then trace
set logical-systems LS3 policy-options policy-statement IS-IS-Loopbacks-Only term 1000 then reject
set logical-systems LS3 routing-options router-id 1.0.0.3
set logical-systems LS4 interfaces ge-0/0/7 unit 6 vlan-id 6
set logical-systems LS4 interfaces ge-0/0/7 unit 6 family inet address 10.0.34.1/31
set logical-systems LS4 interfaces ge-0/0/7 unit 6 family iso
set logical-systems LS4 interfaces ge-0/0/7 unit 6 family inet6 address abcd:10:34::2/64
set logical-systems LS4 interfaces lo0 unit 4 family inet address 1.0.0.4/32
set logical-systems LS4 interfaces lo0 unit 4 family iso address 49.0002.0100.0004.0000.00
set logical-systems LS4 interfaces lo0 unit 4 family inet6 address ::ffff:1:0:0:4/128
set logical-systems LS4 protocols isis traceoptions file isis-trace
set logical-systems LS4 protocols isis traceoptions file size 10k
set logical-systems LS4 protocols isis traceoptions flag all
set logical-systems LS4 protocols isis reference-bandwidth 1000g
set logical-systems LS4 protocols isis topologies ipv6-unicast
set logical-systems LS4 protocols isis overload timeout 120
set logical-systems LS4 protocols isis overload advertise-high-metrics
set logical-systems LS4 protocols isis level 2 disable
set logical-systems LS4 protocols isis level 1 authentication-key "$9$ExbcrvLxdbs4X7"
set logical-systems LS4 protocols isis level 1 authentication-type md5
set logical-systems LS4 protocols isis level 1 wide-metrics-only
set logical-systems LS4 protocols isis interface ge-0/0/7.6 hello-padding strict
set logical-systems LS4 protocols isis interface ge-0/0/7.6 point-to-point
set logical-systems LS4 protocols isis interface lo0.4
set logical-systems LS4 routing-options router-id 1.0.0.4

Below is some of the vMX config, interfaces were added to a Linux bridge and VLAN tags used to create seperate broadcast domains:

set chassis network-services enhanced-ip
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/2 flexible-vlan-tagging
set interfaces ge-0/0/3 flexible-vlan-tagging
set interfaces ge-0/0/4 flexible-vlan-tagging
set interfaces ge-0/0/5 flexible-vlan-tagging
set interfaces ge-0/0/6 flexible-vlan-tagging
set interfaces ge-0/0/7 flexible-vlan-tagging

Previous page: vMX Notes
Next page: OSPFv2 Inter-Area Filtering