IS-IS Filtering

ReneMolenaar · June 2, 2017, 10:20am

This topic is to discuss the following lesson:

https://networklessons.com/cisco/ccie-routing-switching-written/is-is-filtering/

Zaman.rubd · June 16, 2017, 5:57pm

Hi Rene,
We know that for Link state Routing Protocol "The database within an area has to be same " .I want to know more briefly about this why need the DB synchronized must ?? What issue will raise if not synchronized . Appreciate your very clear explanation as always .Thx

br//zaman

lagapidis · June 21, 2017, 1:04pm

Hello Zaman

A fundamental characteristic of Link State routing protocols is that every router constructs a map of the connectivity to the network that indicates which nodes are connected to which other nodes. This map is contained within the database. Based on this map, each router independently calculates the next best logical path from it to every possible destination on the network. These collections of best paths are then used to populate the routing table on the router.

If the database is not the same in all routers within an area, then there can be several negative consequences:

Routers share information with their neighbours. If one router has an incomplete map of the network, it can give incorrect information to its neighbours, thus overwriting potentially correct routing information.
Incorrect or incomplete maps of the network may also result in routing loops which can be devastating to the operation of the network.
Incomplete maps can also cause the network never to converge, thus each router will use up resources in continually changing routing information or waiting for updated routing information that will never arrive.

I hope this has been helpful!

Laz

parente.luca · August 12, 2023, 9:21am

Hi,

From the example it seems that it’s possible to filter LSPs only on L1-L2 routers because of redistribute isis ip **level-1 into level-2**.

But let’s say we have only L1 routers, is it possibile to use the redistribute statement referincing level-1 to level-1 levels?
Like this: redistribute isis ip **level-1 into level-1** route-map xxx

Thanks

lagapidis · August 14, 2023, 6:42am

Hello Luca

IS-IS uses a hierarchical structure using areas in a similar manner to how OSPF uses areas. Whenever you use areas, you separate the IS-IS topology into logical units that operate independently but are connected using Level 2 routers.

The redistribute isis ip level-1 into level-2 command is used to redistribute L1 routes into L2 in an IS-IS network. Similarly, the redistribute isis ip level-2 into level-1 command is used to redistribute routes back from L2 to L1. These commands are typically used on L1-L2 routers, which are boundary routers between L1 and L2 areas for the purpose of redistributing routes between IS-IS areas. In other words, redistribution is used to inject routes in one IS-IS area into another.

Now if you have only L1 routers, that means you only have a single area, which in turn means that all routes are already exchanged between routers through the normal IS-IS routing protocol operation. Thus, there’s no need to redistribute routes within the same level because they are already known to each other.

For this reason, the redistribute isis ip level-1 into level-1 is not valid. The Cisco command reference for this command states that you must:

Specify either level-l into level-2 or level-2 into level-1

I hope this has been helpful!

Laz

parente.luca · August 14, 2023, 2:17pm

Hi Lazaros,

thank you for the answer!

I’ve thought about my question and in effect trying to filter LSPs inside of an area it does not really make sense: if I filter one LSP to be sent by a router, the neighboring router would not have the same LSDB of the others and this is a big problem in IS-IS/Link-State Routing Protocol.

Furthermore If I do not want some profixes to be present inside of an area database (L1 or L2) I simply do not enable the attached interface on the router and the prefix is actually filtered inside of an area/LSPDB-Lx without having to configure any kind of redistribution.

Is it right, no?

lagapidis · August 17, 2023, 6:26am

Hello Luca

You’re absolutely right. Just like OSPF, things like route filtering and route summarization can only take place at border routers. For OSPF that means at ABRs and ASBRs. For IS-IS, that means L2 routers. The reason is that by definition, for link state protocols, routers within an area must have the same LSDB.

One solution to your issue is to simply not enable the routing protocol on a particular interface, as you mention in your post. That way, the subnet of that interface will not participate in the routing protocol, and it will not be included in any advertisements.

However, there is another option. You can filter out what routes are to be installed in the local routing table. That way the route will still exist in the LSDB, thus you maintain the requirement of having identical LSDBs between routers in the same area, while picking and choosing which of those routes will appear in the routing table.

For OSPF, this can be done using distribute-lists, and more details about that can be found here:

For IS-IS, the idea is almost identical. Take a look at this NetworkLessons note on the topic of IS-IS route filtering.

I hope this has been helpful!

Laz