Complete Cisco IS-IS Multi Area Routing Lab Part 2
Welcome to Part 2 of the Complete Cisco IS-IS Multi Area Routing series.
In Part 1, we configured the complete IS-IS topology including Level-1, Level-2 and Level-1-2 routers along with multi-area communication concepts.
Part 2 focuses on advanced IS-IS operational features including:
- DIS election
- Hello timer tuning
- MPLS Traffic Engineering support
- IS-IS authentication
- Metric manipulation
- Inter-area connectivity
- Verification and troubleshooting
๐ฏ What You Will Learn
- How DIS election works
- Importance of Hello timers
- Why MPLS-TE requires wide metrics
- MD5 authentication in IS-IS
- Text authentication in IS-IS
- Metric tuning for backup paths
- Inter-area IS-IS routing
- Route verification and troubleshooting
Table of Contents
Task 1 - DIS Election
In IS-IS broadcast networks, a Designated Intermediate System (DIS) is elected.
The DIS acts similarly to OSPF DR but operates differently internally.
The router with the highest priority becomes the DIS.
DIS Election Logic
$$ Highest\ Priority \rightarrow DIS $$If priorities are equal:
$$ Highest\ MAC\ Address \rightarrow DIS $$R1 Configuration
interface e0/0 isis priority 100
R3 Configuration
interface f0/0 isis priority 100
Why DIS Election Matters
DIS reduces flooding overhead in broadcast networks.
Instead of every router exchanging complete databases individually, the DIS helps optimize synchronization.
R1# show isis interface Ethernet0/0 Circuit Type: level-1 Interface State: Up Priority: 100 DIS: R1
Task 2 - Hello Timer Tuning
IS-IS Hello packets maintain neighbor relationships.
By default, Hello timers may be too slow for modern enterprise environments.
We configure:
- Hello interval = 5 seconds
- Dead timer = 15 seconds
Dead Timer Formula
$$ Dead\ Timer = Hello\ Interval \times Multiplier $$In this lab:
$$ 5 \times 3 = 15 $$R3 Configuration
interface e0/1 isis hello-interval 5 isis hello-multiplier 3
R4 Configuration
interface e0/0 isis hello-interval 5 isis hello-multiplier 3
๐ก Important Concept
Faster Hello timers improve convergence speed but increase CPU utilization.
Task 3 - MPLS Traffic Engineering Support
MPLS Traffic Engineering requires wide metrics.
Classic IS-IS metrics support only small values. Wide metrics expand metric scalability significantly.
Classic vs Wide Metrics
Classic metric range:
$$ 0-63 $$Wide metric range:
$$ 0-16777215 $$Configure on ALL routers:
router isis metric-style wide
Why MPLS-TE Uses Wide Metrics
Traffic Engineering requires precise path calculations. Wide metrics provide larger numerical values for better path engineering.
Task 4 - Configure Backup Link Using Metrics
The link between R5 and R6 should operate as a backup path.
To achieve this, we increase the IS-IS metric.
Path Selection Formula
$$ Best\ Path = Lowest\ Total\ Metric $$Higher metrics make the path less preferred.
R5 Configuration
interface e0/1 isis metric 50
R6 Configuration
interface e0/1 isis metric 50
R5# show isis interface Ethernet0/1 Metric: 50
IS-IS Authentication
Authentication protects IS-IS from rogue routers and unauthorized adjacency formation.
MD5 Authentication Between R3 and R4
MD5 provides encrypted authentication.
R3 Configuration
key chain AUTH key 1 key-string ccie interface e0/1 isis authentication key-chain AUTH isis authentication mode md5
R4 Configuration
key chain AUTH key 1 key-string ccie interface e0/0 isis authentication key-chain AUTH isis authentication mode md5
MD5 Hashing Concept
$$ Hash = MD5(Key + Packet) $$Text Authentication Between R5 and R6
Text authentication sends the password in plain format.
R5 Configuration
key chain AUTH key 1 key-string ccie interface e0/1 isis authentication key-chain AUTH isis authentication mode text
R6 Configuration
key chain AUTH key 1 key-string ccie interface e0/1 isis authentication key-chain AUTH isis authentication mode text
๐ก Security Recommendation
Always prefer MD5 authentication over plain text authentication in production environments.
Inter-Area IS-IS Connectivity
Now we connect all IS-IS areas together.
R6 to R7 Connection
R6 Configuration
interface e0/2 ip router isis
R7 Configuration
interface e0/0 ip router isis
R7 to R9 Connection
R7 Configuration
interface e0/2 ip router isis
R9 Configuration
interface e0/0 ip router isis
R10 to R11 Connection
R10 Configuration
interface e0/1 ip router isis
R11 Configuration
interface e0/0 ip router isis
Inter-Area Reachability
$$ Area\ 49.0010 \leftrightarrow 49.0020 \leftrightarrow 49.0030 \leftrightarrow 49.0040 $$Verification and Connectivity Testing
Verify Neighbors
show isis neighbors
R7# show isis neighbors System Id Type Interface State R6 L2 Et0/0 UP R9 L2 Et0/2 UP
Verify Routes
show ip route isis
R1# show ip route isis i L1 10.1.1.0/24 i L2 10.12.12.0/24
Ping Verification
R1# ping 10.12.12.12
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos: !!!!! Success rate is 100 percent
๐ก Route Types Observed
- L1 routes = Intra-area routes
- L2 routes = Inter-area routes
Yes, full connectivity should exist if all adjacencies are operational.
Related Articles
Conclusion
This lab covered advanced IS-IS operational concepts including:
- DIS election
- Hello tuning
- MPLS-TE preparation
- Authentication
- Metric tuning
- Inter-area routing
- Connectivity testing
These features are heavily used in enterprise and service provider infrastructures. Mastering them is critical for advanced routing expertise.
Continue to Part 3 for redistribution, route leaking, route summarization and advanced IS-IS optimization techniques.
No comments:
Post a Comment