Exercise: ISIS

Summary of Generic ISIS commands

router isis process-name

Enter ISIS configuration mode. The process-name is simply the name of the ISIS process - a router can run more than one ISIS process if required.

redistribute connected subnets

Advertise all networks to which we are connected, including those which are not being used to talk to other ISIS routers. The use of this command is not recommended within ISP backbones, but is included here for completeness.

("redistributed connected" by itself only distributes classful routes, i.e. whole class A/B/C networks, so it's important to add "subnets")

redistribute static subnets

Advertise all static routes we have (except defaultroute). The use of this command isn't ordinarily required or recommended. However, there will be circumstances where redistribution of statics into ISIS are required. An example will be shown in the lab.

default-information originate [route-map route-map]

Advertise a default route into ISIS, optionally using route-map route-map. Typically this would go on your border router(s).

is-type level-2-only

Set the the IS type to be in Level-2 only. ISP backbones only ever use level-2. Cisco IOS puts all interfaces in level 1 and 2 by default.

metric-style wide

Set the metric style to be wide. Cisco IOS uses narrow metrics by default which only gives 6 bits available for setting the IGP metric - not suitable for today's backbones, and won't permit IPv6 support.

ISIS interface configuration

ip router isis process-name                 Initiate ISIS process process-name on interface

isis circuit-type level-2-only              Set IS type to level 2

isis metric n level-2                       Set outbound interface cost to n

isis authentication mode md5 level-2        Use MD5 authentication on all ISIS packets

isis authentication key-chain chain-name level-2    Use chain-name as the key-chain for ISIS authentication

Part 1: Loopback interfaces

A loopback interface is a single (/32) IP address which belongs to a device, independent of its physical interface addresses. It's very convenient when managing routers, because you can use the loopback address as a fixed address to telnet to, or monitor using SNMP, which will continue to work even if one or more of the interfaces has failed.

1. Check that there is no ISIS process running from any previous exercises. To do this you can do sh run | include isis. If there is one there, remove it, for example:

   router-a#conf t
   router-a(config)#no router isis si-afnog
   router-a(config-if)#  [Hit ctrl-Z]
   router-a#write mem
   

2. Check that you have no static routes. If you do have some, remove them.

   router-a#show ip route
   The only routes you should see are (C)onnected routes for your own
   interfaces. If you have any (S)tatic routes, delete them like this:
   router-a#conf t
   router-a(config)#no ip route 196.200.220.32 255.255.255.240 196.200.220.30
   router-a(config-if)#  [Hit ctrl-Z]
   router-a#write mem
   

3. Now check your router can still ping the PC on your desk, and other routers on the backbone.

   (Your PC won't be able to ping any other PCs though, because your router doesn't have the routes any more)

4. You will need to subdivide your assigned network space. You will need one subnet for your desk network, and a /32 for the loopback. (In real life you would have a number of routers, and say a /29 block would be enough for 8 loopbacks). Configure your loopback address into your router.

   The example below is for the router belonging to Team A. They have decided to subdivide their address block 196.200.220.32/28 such that 196.200.220.47/32 is the address of the loopback interface of their router.

   router-a#conf t
   router-a(config)#int loopback0
   router-a(config-if)#ip address 196.200.220.47 255.255.255.255
   router-a(config-if)#  [Hit ctrl-Z]
   

5. Now save your configuration.

   router-a#write mem
   

Part 2: Learning routes via ISIS

The initial network topology is the same as for the static routing exercise

1. Enable ISIS on the backbone interface (only).

   Create the NSAP address from your loopback interface address as described in the presentation

   router-a#conf t
   router-a(config)#router isis si-afnog
   router-a(config-router)#net 49.0001.1962.0022.0001.00
   router-a(config-router)#is-type level-2-only
   router-a(config-router)#metric-style wide
   router-a(config-router)#log-adjacency-changes
   router-a(config-router)#  [Hit ctrl-Z]
   

2. We will now set ISIS on the backbone interface. We will also set the link cost to 100.

   router-a(config-router)#int faste0/0  (or int faste0/1)
   router-a(config-if)#ip router isis si-afnog
   router-a(config-if)#isis circuit-type level-2-only
   router-a(config-if)#isis metric 100 level-2
   router-a(config-if)#  [Hit ctrl-Z]
   

3. We will now mark the Loopback interface as passive to ensure that ISIS will install the loopback interface address into ISIS RIB but will not actually run ISIS on the interface itself.

   router-a(config)#router isis si-afnog
   router-a(config-router)#passive-interface Loopback 0
   

4. We also need to mark the internal LAN interface as passive to ensure that ISIS will announce our local LAN to the other routers in the classroom. As with the loopback, this will not run ISIS on the interface itself, but simply announce the interface's subnet.

   router-a(config)#router isis si-afnog
   router-a(config-router)#passive-interface faste0/1
   

5. Look at the ISIS status

   router-a#show clns int
   router-a#show clns neighbor
   router-a#show clns protocol
   

6. Once you have established a neighbor relationship with another router, you should automatically have learned some new routes:

   router-a#show ip route
   

   Routes learned through ISIS are tagged with I followed by an indication as to whether the prefix is L1 or L2. Check that the next hop IP address for each route is correct

   Also, the far router should also have picked up your route. You can go over to the other desk and ask to see "show ip route"

7. Check that your PC can ping the PCs on other desks

   $ ping 196.200.220.129
   ...
   

8. Once all desks are running, the instructors will add a class router into the ISIS cloud, and get it to announce a default route.

   Don't type this - it goes on the class border router
   si-border-1(config)#router isis si-afnog
   si-border-1(config-router)#default-information originate
   

9. Check that you can see the new router as a neighbor, and that you have picked up a default route (0.0.0.0)

   This should be sufficient to establish connectivity to the outside Internet! Use ping, traceroute etc. to test this

10. Save your config

    router-a#write mem
    

11. If you want DNS, you'll have to create /etc/resolv.conf on your PC

    domain ws.afnog.org
    nameserver 196.200.223.1
    

    You should then be able to ssh/telnet to the outside world.

Part 3: Configuration storage via TFTP

As discussed in the preceding TFTP exercise, save your configuration to your TFTP server

Part 4: IPv6 ISIS

We are now going to take the above topology and enable IPv6 on it.

1. To enable ISIS for IPv6, we do:

   ip router isis si-afnog
   address-family ipv6
   

2. We now add an IPv6 address for the interfaces we will be running IPv6 over. The active interface will be the classroom backbone, so the example might be:

   interface fastethernet 0/0
    ipv6 address 2001:4348:220:10::1/64 

   Configure addresses on the active interfaces on the router. You will need one /64 for the link to your PC, one /128 for the loopback interface, and of course an address on the backbone network.

3. We now go to each interface we want to run ISIS for IPv6, and activate it for IPv6. Here is an example:

   interface fastethernet 0/0 
    ipv6 router isis si-afnog 

   So this example says that we are going to run ISIS for IPv6 on FastEthernet 0/0. It also says that the IPv6 address/subnet configured on FastEthernet 0/0 will be automatically inserted into the ISIS IPv6 routing table.

4. We now set metric 100 on the interface as we did for IPv4 earlier:

   interface fastethernet 0/0
    isis ipv6 metric 100 level-2
   

5. Once all desks are running, the instructors will configure a default route on the class router.

     Don't type this - it goes on the class border router
      si-border-1(config)#router isis si-afnog
      si-border-1(config-router)#address-family ipv6
      si-border-1(config-router-af)#default-information originate
   

6. Check that you can see the new router as a neighbor, and that you have picked up a default route (::/0)

   This should be sufficient to establish IPv6 connectivity to the outside Internet! Use ping, traceroute etc. to test this

7. Save your config

   router-a#write mem

Part 5: Dynamic changes in topology

Above you showed how ISIS can learn routes from the rest of your network, without having to manually insert static routes. Now you can show how ISIS can adapt to topology changes and choose better (lower cost) routes when they are available

1. Work in pairs with an adjacent desk
2. Connect a DTE/DCE cable pair between Serial 0 (or Serial 0/0) on one router and the other.
3. One of you will need to allocate a /30 subnet out of your address space for the link, and assign an IP address to each end. Then both of you need to configure your end of the link.

   router-a#conf t
   router-a(config)#int s0/0  (or int s0/1)
   router-a(config-if)#description Serial link to desk B
   router-a(config-if)#ip address 196.200.220.37 255.255.255.252
   router-a(config-if)#no shutdown
   

4. You will need to do the same for IPv6. Agree between you and your neighbour on a /64 network to use for the point to point link between your routers. Suggested /64s are in the addressing notes.

   And now configure the link with its IPv6 addresses:

   router-a#conf t
   router-a(config)#int s0/0  (or int s0/1)
   router-a(config-if)#ipv6 address 2001:4348:220:11::1/64
   

5. Note: If the remote router does not support HDLC, then you will need to use PPP as the encapsulation.

   router-a#conf t
   router-a(config)#int s0/0
   router-a(config-if)#encap ppp
   

   Once this is done on both routers, "show int s0/0" should show that the Interface is up (layer 1), but Line protocol is down (layer 2).

6. On the router which has the DCE cable, set it to generate clock. If you can't tell which end is the DCE, just try it on both routers; the DTE end will refuse the command

   router-a(config-if)#clock rate 64000
   

   This is only because this is a back-to-back cable; normally you would use synchronous modems which generate clock

7. Line protocol should be up. Check you can ping the remote IP address. Because we have set the link to be only 64K, you should see a longer round-trip time reported by ping.

   router-a#ping 196.200.220.34
   

   Try this with IPv6 as well:

   router-a#ping
     2001:4348:220:11::2

8. Enable ISIS on the serial line. We will use a larger cost of 500 to reflect the fact that this is a slower-speed link

   router-a#conf t
   router-a(config-router)#int s0/0  (or s0/1)
   router-a(config-if)#ip router isis si-afnog
   router-a(config-if)#isis metric 500 level-2
   router-a(config-if)#  [Hit ctrl-Z]
   

9. Both desks: look at your forwarding table

   router-a#show ip route
   

   Look carefully at the route to your neighbor's desk network, and your neighbor's router loopback interface, and make a note of it.

10. On one desk, unplug the ethernet connection into the backbone, wait a few seconds, and look at the forwarding table again.

    Does the desk which had its ethernet unplugged still have connectivity to the Internet? When you traceroute, what route do the packets take?

11. Plug the ethernet back in. Set the cost of the serial link to 50.

    Look at the routes again. What has happened to the route to your neighbor's desk network, and to their loopback interface?

12. Try setting the cost of the serial link to 100

    Check the forwarding table ("show ip route"). Now what do you notice about the route to your neighboring desk's network?

13. We now do the same for ISIS for IPv6. Again we will use a larger cost of 500 to reflect the fact that this is a slower-speed link

    router-a#conf t
    router-a(config-if)#int s0/0  (or s0/1)
    router-a(config-if)#ipv6 router isis si-afnog
    router-a(config-if)#isis ipv6 metric 500 level-2
    router-a(config-if)#  [Hit ctrl-Z]
    

14. Both desks: look at your forwarding table

    router-a#show ipv6 route
    

    Look carefully at the route to your neighbor's desk network, and your neighbor's router loopback interface, and make a note of it.

15. On one desk, unplug the ethernet connection into the backbone, wait a few seconds, and look at the forwarding table again.

    Does the desk which had its ethernet unplugged still have connectivity to the Internet? When you traceroute, what route do the packets take?

16. Plug the ethernet back in. Set the cost of the serial link to 50.

    Look at the routes again. What has happened to the route to your neighbor's desk network?

17. Try setting the cost of the serial link to 100

    Check the forwarding table ("show ipv6 route"). Now what do you notice about the route to your neighboring desk's network?

Before finishing this exercise, remove the serial links and reboot the router to get back to the saved configuration.

Part 6: Extras

1. There are cross ethernet cables available if you wish to try some more complex topologies linking to other desks.

2. When finished, revert to the saved configuration from the end of Part 3. HINT: Use the file saved to the tftp server.