Junos Day One: IS-IS for dummies

For whatever reason I decided to start my Junos experience with a very simple IS-IS network – four core routers from my Building IPv6 Service Provider Core webinar. As Junosphere doesn’t support serial or POS interfaces, I migrated all links to Gigabit Ethernet and added a point-to-point GE link between PE-A and PE-B.

I started with a very simple configuration: dual-stack (IPv4+IPv6) network with IS-IS running on core interfaces (and the loopback).

Junos can run a single instance of each routing protocol per routing instance. You can run multiple copies of IS-IS, but you have to use multiple routing instances. The routing instances are not exactly VRFs; you can merge routes from multiple routing instances with proper import and export policies.

The configuration guide told me to configure NET on the loopback interface:

root@PE-A> show configuration interfaces lo0.0
family inet {
address 10.0.1.1/32;
}
family iso {
address 49.0000.0000.cccc.0001.00;
}
family inet6 {
address fec0::cccc:1/128;
address ::ffff:10.0.1.1/128;
}

All other IS-IS-related configuration is done within the protocols isis configuration block – a major difference from Cisco IOS, where you configure interface-specific parameters within the interface configuration mode (here’s why the Junos approach makes sense).

Discovery #1: Junos expects you to configure all routing protocol-related parameters in the protocols part of the configuration.

Anyway, continuing to read the Routing Protocols Configuration Guide, I listed all core interfaces within the protocol isis block:

root@PE-A> show configuration protocols isis
topologies ipv6-unicast;
interface ge-0/0/1.0 {
interface ge-0/0/4.0;
interface lo0.0;

No good, there were no adjacencies, and IS-IS was supposedly running only on the loopback interface. Excuse me? I did configure it on three interfaces.

root@PE-A> show isis adjacency

root@PE-A> show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
lo0.0 0 0x1 Passive Passive 0/0

After spending some more time going through the Routing Protocols configuration guide I figured out the problem: you have to enable family iso on the interfaces on which you want IS-IS to run. Remember: without data-plane configuration (interfaces) control plane won’t work.

Discovery #2: List IS-IS interfaces in the protocol isis configuration block and enable family iso on each interface.

root@PE-A> show configuration interfaces ge-0/0/4.0
description "Link to P router";
family inet {
address 10.0.7.9/30;
}
family iso;
family inet6;

root@PE-A> show configuration interfaces ge-0/0/1.0
family iso;
family inet6 {
unnumbered-address lo0.0;
}

After adding the family iso into each interface configuration, IS-IS started to work and established both L1 and L2 adjacencies between all routers.

root@PE-A# run show isis adjacency
Interface System L State Hold (secs) SNPA
ge-0/0/1.0 PE-B 1 Up 8 56:68:28:2b:86:eb
ge-0/0/1.0 PE-B 2 Up 6 56:68:28:2b:86:eb
ge-0/0/4.0 P 1 Up 8 56:68:28:2b:87:5
ge-0/0/4.0 P 2 Up 8 56:68:28:2b:87:5

However, a quick look into the IS-IS database revealed a well-known problem: L2 LSP contained all prefixes known to IS-IS:

root@PE-A> show isis database detail PE-A
IS-IS level 1 link-state database:

PE-A.00-00 Sequence: 0xb, Checksum: 0x6323, Lifetime: 1068 secs
IPV4 Unicast IS neighbor: PE-B.00 Metric: 10
IPV4 Unicast IS neighbor: P.03 Metric: 10
IPV6 Unicast IS neighbor: PE-B.00 Metric: 10
IPV6 Unicast IS neighbor: P.03 Metric: 10
IP IPV4 Unicast prefix: 10.0.1.1/32 Metric: 0 Internal Up
IP IPV4 Unicast prefix: 10.0.7.8/30 Metric: 10 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric: 0 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:1/128 Metric: 0 Internal Up

IS-IS level 2 link-state database:

PE-A.00-00 Sequence: 0xd, Checksum: 0x7eb0, Lifetime: 1068 secs
IPV4 Unicast IS neighbor: PE-B.00 Metric: 10
IPV4 Unicast IS neighbor: P.03 Metric: 10
IPV6 Unicast IS neighbor: PE-B.00 Metric: 10
IPV6 Unicast IS neighbor: P.03 Metric: 10
IP IPV4 Unicast prefix: 10.0.1.1/32 Metric: 0 Internal Up
IP IPV4 Unicast prefix: 10.0.1.2/32 Metric: 20 Internal Up
IP IPV4 Unicast prefix: 10.0.1.5/32 Metric: 20 Internal Up
IP IPV4 Unicast prefix: 10.0.1.6/32 Metric: 10 Internal Up
IP IPV4 Unicast prefix: 10.0.2.0/24 Metric: 20 Internal Up
IP IPV4 Unicast prefix: 10.0.7.8/30 Metric: 10 Internal Up
IP IPV4 Unicast prefix: 10.0.7.16/30 Metric: 20 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric: 0 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.2/128 Metric: 20 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.5/128 Metric: 20 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.6/128 Metric: 10 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:1/128 Metric: 0 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:2/128 Metric: 20 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:3/128 Metric: 10 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:4/128 Metric: 20 Internal Up
V6 IPV6 Unicast prefix: fec0:1:1:13::/64 Metric: 20 Internal Up

The fix for that behavior is very simple: disable L1 routing. Here’s where the Junos documentation gets confusion – it tells you to disable L1 hellos on each individual interface, whereas in reality you can disable L1 globally with set protocols isis level 1 disable. I checked every possible angle, including “Configuring IS-IS” section (which lists all IS-IS configuration parameters) and “Summary of IS-IS Configuration Statements” – the level 1 disable command should not work at the protocol isis level ... but it does (which is a good thing).

Disable L1 processing

root@PE-A# show protocols isis
topologies ipv6-unicast;
level 1 disable;
interface ge-0/0/1.0
interface ge-0/0/4.0;
interface lo0.0;

Discovery #3: Disable L1 processing on individual IS-IS interfaces with set interface name level 1 disable configuration command. To disable it globally, use set level 1 disable command within [edit protocols isis].

Only L2 adjacencies were established after the configuration change ...

root@PE-A# run show isis adjacency
Interface System L State Hold (secs) SNPA
ge-0/0/1.0 PE-B 2 Up 6 56:68:28:2b:86:eb
ge-0/0/4.0 P 2 Up 8 56:68:28:2b:87:5

... and L2 LSP contained only the local prefixes:

root@PE-A> show isis database PE-A detail
IS-IS level 1 link-state database:

PE-A.00-00 Sequence: 0xd, Checksum: 0x94ef, Lifetime: 632 secs
IPV4 Unicast IS neighbor: PE-B.00 Metric: 10
IPV4 Unicast IS neighbor: P.03 Metric: 10
IPV6 Unicast IS neighbor: PE-B.00 Metric: 10
IPV6 Unicast IS neighbor: P.03 Metric: 10
IP IPV4 Unicast prefix: 10.0.1.1/32 Metric: 0 Internal Up
IP IPV4 Unicast prefix: 10.0.7.8/30 Metric: 10 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric: 0 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:1/128 Metric: 0 Internal Up

IS-IS level 2 link-state database:

PE-A.00-00 Sequence: 0x14, Checksum: 0x512c, Lifetime: 998 secs
IPV4 Unicast IS neighbor: PE-B.00 Metric: 10
IPV4 Unicast IS neighbor: P.03 Metric: 10
IPV6 Unicast IS neighbor: PE-B.00 Metric: 10
IPV6 Unicast IS neighbor: P.03 Metric: 10
IP IPV4 Unicast prefix: 10.0.1.1/32 Metric: 0 Internal Up
IP IPV4 Unicast prefix: 10.0.7.8/30 Metric: 10 Internal Up
V6 IPV6 Unicast prefix: ::ffff:10.0.1.1/128 Metric: 0 Internal Up
V6 IPV6 Unicast prefix: fec0::cccc:1/128 Metric: 0 Internal Up

Summary of major differences between Cisco IOS and Junos

  • You have to configure CLNS NET on the loopback interface, not within the IS-IS process;
  • You can configure a single IS-IS routing process per routing instance, but can run multiple IS-IS processes per box (using multiple routing instances);
  • You have to enable family iso on every interface on which you want to run IS-IS;
  • You have to enable IS-IS on individual interfaces within the protocol isis section, not within the interface configuration;
  • You can use set protocol isis interface all, which would enable IS-IS on all interfaces that have family iso enabled. After that, you can disable individual interfaces with set protocol isis interface name disable.

Disclosure

The only reason I learned the marginal bits & pieces I know about Junos is because Juniper kindly provided me with free access to Junosphere environment (thanks to @abnerg) ... but I was not compensated for my blog posts, or asked to write about Junos or Junosphere.

4 comments:

  1. looking forward to your commentary on RIB groups :-)..
  2. Hi Ivan!

    Just a little note for the first bullet of your diffs summary in the end of your article: you're not restricted to use loopback iface for NET configuration. Technically you can use *any* iso-enabled iface for that. Of course, it does not have much sense from the consistency point of view. :)
  3. Hi Ivan!, Great read, to clarify your point where globally disabling L1 should not work, does it mean that there is a mistake. According to Juniper what should be the right way.
    Replies
    1. Hi Unknown,

      As the blog post is almost 5 years old, it might be possible that Juniper fixed the documentation in the meantime, right?

      Anyway, there's a way to disable L1 either globally or per-interface. Choose whichever one fits your network design.
Add comment
Sidebar