
Wednesday, January 20, 2010

ISIS: "Have loop free path" (somewhat convoluted) means have only one path

"Have loop free path" ==> somewhat convoluted, but it means: have only one path
router isis
 maximum-paths 1

Thursday, January 07, 2010

using Overload Bit to avoid BGP black hole when router reboots

From RFC3787

4. Overload Bit

To deal with transient problems that prevent an IS from storing all
the LSPs it receives, ISO 10589 defines an LSP Database Overload
condition in section 7.3.19. When an IS is in Database Overload
condition, it sets a flag called the Overload Bit in the non-
pseudonode LSP number Zero that it generates. Section 7.2.8.1 of ISO
10589 instructs other systems not to use the overloaded IS as a
transit router. Since the overloaded IS does not have complete
information, it may not be able to compute the right routes, and
routing loops could develop. However, an overloaded router may be
used to reach End Systems directly attached to the router, as it may
provide the only path to an End System.

The ability to signal reduced knowledge is so useful that the meaning
of this flag has been overloaded. In a Service Provider's network,
when a router running BGP and IS-IS reboots, BGP might take more time
to converge than IS-IS. Thus the router may drop traffic for
destinations not yet learned via BGP. It is convenient to set the
Overload Bit until BGP has converged, as described in "Intermediate
System to Intermediate System (IS-IS) Transient Blackhole Avoidance"
[6].

An implementation SHOULD use the Overload Bit to signal that it is
not ready to accept transit traffic.


router isis
set-overload-bit on-startup wait-for-bgp

ISIS: hello-interval and hello-multiplier

int s2/0
isis hello-interval x level-2
isis hello-multiplier 3

Defaults
hello-interval is 10s
hello-multiplier is 3
hello-hold interval is 10s x 3 = 30s

ISIS: max-lsp-lifetime & lsp-refresh-interval

How to find it on Doc CD
Someone please help me navigate it. The above link I found via Google.


max-lsp-lifetime (IS-IS)

To set the maximum time that link-state packets (LSPs) can remain in a router's database without being refreshed, use the max-lsp-lifetime command in router configuration mode. To restore the default lifetime, use the no form of this command.

max-lsp-lifetime seconds

no max-lsp-lifetime

Syntax Description


seconds    Lifetime of the LSP in seconds. The range is 1 to 65535 seconds; the default is 1200 seconds (20 minutes).


Defaults

1200 seconds (20 minutes)

Command Modes

Router configuration

Command History


Release    Modification
10.3       This command was introduced.


Usage Guidelines

If the lifetime is exceeded before a refresh LSP arrives, the LSP is dropped from the database.

You might need to adjust the maximum LSP lifetime if you change the LSP refresh interval with the lsp-refresh-interval (IP) command. LSPs must be periodically refreshed before their lifetimes expire. The value set for the lsp-refresh-interval command should be less than the value set for the max-lsp-lifetime command; otherwise, LSPs will time out before they are refreshed. If you misconfigure the LSP lifetime to be too low compared to the LSP refresh interval, the software will reduce the LSP refresh interval to prevent the LSPs from timing out.

You might prefer higher values for each command in order to reduce control traffic, at the expense of holding stale LSPs from a crashed or unreachable router in the database longer (thus wasting memory) or increasing the risk of undetected bad LSPs staying active (very rare).

Examples

The following example configures an LSP lifetime of 40 minutes:

router isis
 max-lsp-lifetime 2400

Related Commands


Command                         Description
lsp-refresh-interval (IS-IS)    Sets the link-state packet (LSP) refresh interval.


lsp-refresh-interval (IS-IS)

To set the link-state packet (LSP) refresh interval, use the lsp-refresh-interval command in router configuration mode. To restore the default refresh interval, use the no form of this command.

lsp-refresh-interval seconds

no lsp-refresh-interval

Syntax Description


seconds    Interval (in seconds) at which LSPs are refreshed. The range is 1 to 65535 seconds. The default value is 900 seconds (15 minutes).


Defaults

900 seconds (15 minutes)

Command Modes

Router configuration

Command History


Release    Modification
10.3       This command was introduced.


Usage Guidelines

The refresh interval determines the rate at which Cisco IOS software periodically transmits in LSPs the route topology information that it originates. This is done to keep the database information from becoming too old.

LSPs must be periodically refreshed before their lifetimes expire. The value set for the lsp-refresh-interval command should be less than the value set for the max-lsp-lifetime command; otherwise, LSPs will time out before they are refreshed. If you misconfigure the LSP lifetime to be too low compared to the LSP refresh interval, the software will reduce the LSP refresh interval to prevent the LSPs from timing out.

Reducing the refresh interval reduces the amount of time that undetected link state database corruption can persist at the cost of increased link utilization. (This is an extremely unlikely event, however, because there are other safeguards against corruption.) Increasing the interval reduces the link utilization caused by the flooding of refreshed packets (although this utilization is very small).

Examples

The following example configures the IS-IS LSP refresh interval to be 1080 seconds (18 minutes):

router isis
 lsp-refresh-interval 1080
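
The refresh/lifetime rule above and the hello hold-time arithmetic from the earlier hello-interval post can be checked mechanically. The following Python audit is an added example, not code from the original post or from Cisco's documentation; it assumes indented IOS-style config text, uses a constructed sample, and does not track level-1 and level-2 hello values separately.

```python
import re

# Defaults as stated on this page (seconds, multiplier is a count).
DEFAULTS = {"max-lsp-lifetime": 1200, "lsp-refresh-interval": 900,
            "hello-interval": 10, "hello-multiplier": 3}

# Constructed sample: only the lifetime is lowered; refresh stays at its default.
SAMPLE = """\
router isis
 max-lsp-lifetime 600
!
interface Serial2/0
 isis hello-interval 1 level-2
 isis hello-multiplier 3
"""

def parse_timers(config):
    """Collect IS-IS timer settings per top-level stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line and not line[0].isspace() and line != "!":
            current = line.strip()          # start of a new stanza
            stanzas.setdefault(current, {})
            continue
        m = re.match(r"\s+(?:isis )?(max-lsp-lifetime|lsp-refresh-interval|"
                     r"hello-interval|hello-multiplier) (\d+)", line)
        if m and current:
            stanzas[current][m.group(1)] = int(m.group(2))
    return stanzas

def audit(config):
    """Return LSP refresh/lifetime conflicts and per-interface hello hold times."""
    findings = []
    for name, seen in parse_timers(config).items():
        t = {**DEFAULTS, **seen}            # unset values fall back to defaults
        if name.startswith("router isis"):
            if t["lsp-refresh-interval"] >= t["max-lsp-lifetime"]:
                findings.append((name, "refresh>=lifetime",
                                 t["lsp-refresh-interval"], t["max-lsp-lifetime"]))
        elif name.startswith("interface") and seen:
            hold = t["hello-interval"] * t["hello-multiplier"]
            findings.append((name, "hello-hold", hold))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The sample shows the case that is easy to miss: lowering only max-lsp-lifetime collides with the default refresh interval of 900 seconds even though lsp-refresh-interval never appears in the config.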

Related Commands


Command                     Description
max-lsp-lifetime (IS-IS)    Sets the maximum time that link-state packets (LSPs) can remain in a router's database without being refreshed.


ISIS: Jumbo Frames enabling causes high CPU Load !

Back in this post we mentioned how changing the MTU causes the ISIS neighborship to go down.
This was remedied by having the same clns mtu on both peers.

However, this might cause another problem.
Every 10 seconds, hellos are sent out to neighbors in frames the size of the clns mtu.
This is done by padding data onto the frames.
This is called hello padding.

To optimize CPU cycles we can disable hello padding,

either using the router-level cmd or the interface-level cmd:
router isis
no hello padding multi-point

OR

int s2/0.1 multipoint
no isis hello padding

Also configure the peer

int s2/0
no isis hello padding

ISIS: avoid DIS election and CSNP transmission

int f0/0
isis network point-to-point


ISIS: Redistribution between L1 and L2

router isis
 redistribute isis ip level-2 into level-1 distribute-list 100

ip access-list extended 100
 permit ip any any

The above must be done at the ABR. This will allow all L2 routes to be seen in L1 as ia (inter-area) routes.

ISIS: ip mtu different ! neighborship not formed !

If we have a different MTU between two neighbors, the ISIS neighborship doesn't come up.
More here on CCO support forum.

However, while I was reading up for CCIE, I found a workaround.

If we leave the ip mtu different but change the clns mtu to match, the ISIS neighborship comes up.

R1 s2/0 -- R2 s2/0

R1
int s2/0
 mtu 17001
 clns mtu 9216

R2
int s2/0
 mtu 17008
 clns mtu 9216

ISIS: Router level config takes precedence over Interface level config

Let's say I have this setup:
ASBR1 s2/2 --> PE1 s2/0

I want to run ISIS on this interface at Level-2 only.

This won't work:
ASBR1
router isis
is-type level-2

int s2/2
ip router isis

PE1
router isis
is-type level-1

int s2/0
ip router isis
isis circuit-type level-2

It seems that on PE1 the router isis (is-type) cmd takes precedence over the int s2/0 (isis circuit-type) cmd.

Strange, isn't it? But that's ISIS for you.

Once I modified the is-type to level-1-2 (the default) on PE1, the neighborship came up.

Conclusion: the router isis (is-type) cmd takes precedence over the int s2/0 (isis circuit-type) cmd.

Wednesday, December 30, 2009

ISIS: TE

router isis
 metric-style wide
 mpls traffic-eng level-2
 mpls traffic-eng router-id lo0

==> Side effects
If there is a router somewhere else on which you forgot to configure "metric-style wide", the ISIS adj will go down.

Ref: INE Workbook Vol2 V1.0 Lab 7 Task 5.4 (Traffic Engineering)

Alternative: configure the R3 router with the following
router isis
 metric-style transition

Here is why

metric-style transition

To configure a router to generate and accept both old-style and new-style TLVs (TLV stands for type, length, and value object), use the metric-style transition command in router configuration mode.

metric-style transition {level-1 | level-2 | level-1-2}

Syntax Description


level-1      Enables this command on routing level 1.
level-2      Enables this command on routing level 2.
level-1-2    Enables this command on routing levels 1 and 2.


Defaults

IS-IS traffic engineering extensions include new-style TLVs with wider metric fields than old-style TLVs. By default, the MPLS traffic engineering image generates old-style TLVs only. To do MPLS traffic engineering, a router needs to generate new-style TLVs.

Tuesday, December 29, 2009

ISIS : The Pain

1) Authenticate with all interfaces in L2 (or L1)
domain-password CISCO

2) The interface level
isis authentication mode text level-2
isis password CISCO

What do the above do?
I read on the IEOC forum that these only authenticate the Hello PDU,
whereas the authentication on the ISIS instance authenticates LSP, CSNP, and PSNP PDUs.

Whatever??? I will investigate further...

3) The new way, key-chain and stuff, like RIP

key chain ISIS_LEVEL2
key 1
key-string CISCO
!
router isis
authentication mode text level-2
authentication key-chain ISIS_LEVEL2 level-2

More information on the CCO link here


There are three types of passwords

1)
Interface x
 isis password CISCO --> Used to initialise the link.

2)
router isis
 area-password CISCO --> Used to authenticate links in the given area (49.xxxx)

=> Caveat: area-password cannot be used for L2 adj

"If directly connected routers have area-authentication configured on one side of a link, CLNS IS-IS adjacency is formed between the two routes. However, the router on which area-authentication is configured, does not accept L1 LSPs from the CLNS neighbor with no area-authentication configured. However, the neighbor with no area-authentication does continue to accept both L1 and L2 LSPs."

3)
router isis
 domain-password CISCO --> Used to authenticate links in the given domain (49)

=> Caveat:

"If you configure domain authentication on one router, it rejects the L2 LSPs from routers that do not have domain authentication configured. Routers that do not have authentication configured accept the LSPs from the router that does have authentication configured."
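
The two quoted caveats describe a one-way failure when a password is rolled out on only some routers: the adjacency stays up, but LSPs are accepted in one direction only. As an added example (not from the original post or Cisco's documentation), this Python script applies that acceptance rule to constructed router configs and lists the affected pairs; the hostnames, NETs and the simplification that every router exchanges LSPs with every other are assumptions.

```python
import re
from itertools import permutations

# Constructed sample configs (hostnames, NETs and passwords are illustrative).
CONFIGS = {
    "R1": "router isis\n net 49.0001.0000.0000.0001.00\n"
          " domain-password CISCO\n area-password CISCO\n",
    "R2": "router isis\n net 49.0001.0000.0000.0002.00\n"
          " domain-password CISCO\n",
    "R3": "router isis\n net 49.0001.0000.0000.0003.00\n",
}

# Per the page: area-password covers L1 LSPs, domain-password covers L2 LSPs.
KEYWORD = {"L1": "area-password", "L2": "domain-password"}

def lsp_passwords(config):
    """Return {'L1': password or None, 'L2': password or None}."""
    found = {}
    for level, kw in KEYWORD.items():
        m = re.search(rf"^[ \t]*{kw}[ \t]+(\S+)", config, re.MULTILINE)
        found[level] = m.group(1) if m else None
    return found

def accepts(receiver_pw, sender_pw):
    """Rule quoted on the page: a receiver without a password accepts any LSP;
    a receiver with a password accepts only LSPs carrying the same password."""
    return receiver_pw is None or receiver_pw == sender_pw

def one_way_pairs(configs, level):
    """List (sender, receiver) pairs where the receiver rejects the sender's
    LSPs while the sender still accepts the receiver's."""
    pw = {name: lsp_passwords(cfg)[level] for name, cfg in configs.items()}
    gaps = []
    for sender, receiver in permutations(pw, 2):
        forward = accepts(pw[receiver], pw[sender])
        reverse = accepts(pw[sender], pw[receiver])
        if not forward and reverse:
            gaps.append((sender, receiver))
    return gaps

if __name__ == "__main__":
    for level in ("L1", "L2"):
        for sender, receiver in one_way_pairs(CONFIGS, level):
            print(f"{level}: {receiver} rejects LSPs from {sender}, "
                  f"but {sender} accepts LSPs from {receiver}")
```

An empty result for both levels means the passwords are either absent everywhere or consistent everywhere, which is the state to reach before and after a rollout.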