3.8.a Describe basic ISIS network

IS-IS requires configuration on both the router and the interface. An IS-IS process is created when you enable IS-IS on a router and define a specific tag to identify that routing process. Interfaces configured with a specific tag will be part of the corresponding router process. More than one IS-IS process can run on a router for Connectionless Network Service (CLNS), but only one IS-IS process can run for IP.

Small IS-IS networks are built as a single area that includes all the routers in the network. As the network grows larger, it is usually reorganized into a backbone area made up of the connected set of all Level 2 routers from all areas. The areas are connected to local areas. Within a local area, routers know how to reach all system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to reach other areas. Routers establish Level 1 adjacencies to perform routing within a local area (intra-area routing). Routers establish Level 2 adjacencies to perform routing between Level 1 areas (inter-area routing).

If the network administrator does not specify Level 1 or Level 2 routing for the routing process being configured, the default routing behavior for the routing process will be Level 1-2.

If Level 2 routing is configured on any process, additional processes are automatically configured as Level 1, with the exception of the previously configured Level 2 process, which will remain Level 2. You can have only one Level-2 process. You can configure the Level-2 process to perform Level-1 routing at the same time. If Level-2 routing is not desired for a router instance, use the is-type command in router configuration mode to remove the Level-2 capability. You can also use the is-type command to configure a different router instance as a Level-2 router. Some networks use legacy equipment that supports only Level 1 routing. These devices are typically organized into many small areas that cannot be aggregated due to performance limitations. Cisco routers are used to interconnect each area to the Level 2 backbone.

The idea behind the Designated Intermediate System (DIS) is similar to that behind the designated router in OSPF. The DIS creates a pseudo node (a virtual node), and all the routers on a LAN, including the DIS, form an adjacency with the pseudo node instead of forming n*(n-1) order adjacencies with each other in a full mesh.

On a LAN, one of the routers will elect itself the DIS based on interface priority (the default is 64). If all interface priorities are the same, the router with the highest subnetwork point of attachment (SNPA) is selected. MAC addresses are the SNPA on LANs. On Frame Relay networks, the local data-link connection identifier (DLCI) is the SNPA. If the SNPA is a DLCI and is the same at both sides of a link, the router with the higher system ID (in the NSAP address) will become the DIS. A pseudo node LSP represents a LAN, including all ISs attached to that LAN, just as a non-pseudo node LSP represents a router, including all ISs and LANs connected with the router.

The DIS election is pre-emptive (unlike with OSPF). If a new router boots on the LAN with a higher interface priority, it becomes the DIS, purges the old pseudo node LSP, and a new set of LSPs will be flooded. The DIS sends CSNPs describing all the LSPs in the database every 3 seconds. If a router needs an LSP, either because its copy is older than the LSP advertised by the DIS in its CSNP or because it is missing an LSP that is listed in the CSNP, it will send a PSNP to the DIS and receive the LSP in return. This mechanism can work both ways: if a router sees that it has a newer version of an LSP, or it has an LSP that the DIS does not advertise in its CSNP, the router will send the newer or missing LSP to the DIS.

The Cisco IS-IS implementation offers an authentication mechanism to prevent unauthorized routers from forming adjacencies or injecting TLVs. Currently, only plain-text authentication is available, in which the configured password is transmitted unencrypted inside the IS-IS PDUs. As such, the password can be determined by sniffing the packets. Future Cisco IOS Software releases will also contain Hashed Message Authentication Codes with MD5 (HMAC-MD5) with encrypted passwords as specified in the corresponding IETF draft. IS-IS authentication is configured independently for adjacency establishment (hello) and for LSP authentication.
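
An added example, not taken from the exam guide or from Cisco: a defensive audit that walks the TLVs of an IS-IS PDU and reports, separately for hellos and LSPs, whether the Authentication TLV still carries a cleartext password. The TLV number (10), the authentication type values (1 for cleartext, 54 for HMAC-MD5) and the header layout are assumptions taken from ISO 10589 and RFC 5304, and the sample PDUs are constructed for the example.

```python
# IS-IS constants from ISO 10589 / RFC 5304 (assumed here, not stated on the page)
PDU_NAMES = {15: "L1 LAN hello", 16: "L2 LAN hello", 17: "P2P hello",
             18: "L1 LSP", 20: "L2 LSP"}
AUTH_TLV = 10                                   # Authentication Information TLV
AUTH_TYPES = {1: "cleartext", 54: "hmac-md5"}   # first value byte of TLV 10


def audit_pdu(pdu):
    """Return (pdu_name, auth_state); the password bytes are never returned."""
    if len(pdu) < 8 or pdu[0] != 0x83:
        raise ValueError("not an IS-IS PDU")
    header_len = pdu[1]          # length indicator: offset of the first TLV
    if header_len < 8 or header_len > len(pdu):
        raise ValueError("bad length indicator")
    name = PDU_NAMES.get(pdu[4] & 0x1F, "other")
    pos = header_len
    while pos + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("truncated TLV")
        if tlv_type == AUTH_TLV:
            state = AUTH_TYPES.get(value[0], "unknown") if value else "unknown"
            return name, state
        pos += 2 + tlv_len
    return name, "none"


def build_sample(pdu_type, header_len, tlvs):
    """Constructed PDU: common header, zeroed PDU-specific header, TLVs."""
    common = bytes([0x83, header_len, 1, 0, pdu_type, 1, 0, 0])
    body = b"".join(bytes([t, len(v)]) + v for t, v in tlvs)
    return common + bytes(header_len - 8) + body


AREA = (1, b"\x03\x49\x00\x01")                 # area addresses TLV
SAMPLES = [                                     # constructed, not captured
    build_sample(15, 27, [AREA, (10, b"\x01" + b"example-pw")]),
    build_sample(20, 27, [(10, b"\x36" + bytes(16))]),
    build_sample(17, 20, [AREA]),
]


def audit_samples():
    return [audit_pdu(p) for p in SAMPLES]


if __name__ == "__main__":
    for name, state in audit_samples():
        print(f"{name:13} auth={state}")
```

Because hello and LSP authentication are configured independently, a clean result for one PDU type says nothing about the other; both need to be checked.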

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 4233-4236). Kindle Edition.