IS-IS Route Leaking

Hi Rene,

Thanks a lot for your helpful explanation. I simulated your lab and found something that I need your explanation for.

When I leaked 8.8.8.8 at R4, R2 calculated the metric of 8.8.8.8 as 168, as below:

R2#sh ip route isis 1
      8.0.0.0/32 is subnetted, 1 subnets
i ia     8.8.8.8 [115/168] via 192.168.24.4, 00:14:47, Ethernet0/2

Although R4 calculated it as 30:

R4#sh ip route isis
      8.0.0.0/32 is subnetted, 1 subnets
i L2     8.8.8.8 [115/30] via 192.168.47.7, 00:50:55, Ethernet0/1

The metric was calculated as 40 at R2 when I configured metric-style wide on all routers. I need your explanation for this, please.

Thanks,
Walid

Hi Walid,

That’s a good question. I just booted this topology again and I see a metric of 40 on R2:

R2#show ip route isis                         

Gateway of last resort is 192.168.24.4 to network 0.0.0.0

i*L1  0.0.0.0/0 [115/10] via 192.168.24.4, 00:14:23, GigabitEthernet0/2
      8.0.0.0/32 is subnetted, 1 subnets
i ia     8.8.8.8 [115/40] via 192.168.24.4, 00:14:23, GigabitEthernet0/2
i L1  192.168.13.0/24 [115/20] via 192.168.12.1, 00:15:16, GigabitEthernet0/1
i L1  192.168.35.0/24 [115/30] via 192.168.12.1, 00:15:10, GigabitEthernet0/1
i L1  192.168.47.0/24 [115/20] via 192.168.24.4, 00:15:16, GigabitEthernet0/2

That’s without wide metrics:

R2:

router isis
 net 49.1234.0000.0000.0002.00
 is-type level-1
 log-adjacency-changes

R4:

router isis
 net 49.1234.0000.0000.0004.00
 log-adjacency-changes
 redistribute isis ip level-2 into level-1 route-map ROUTE_LEAKING

What do you see in the database?

R2#show isis database level-1 R4.00-00 detail 


IS-IS Level-1 LSP R4.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
R4.00-00              0x00000005   0xC9D0                 976/1199      1/0/0
  Area Address: 49.1234
  NLPID:        0xCC 
  Hostname: R4
  Metric: 10         IS R4.01
  IP Address:   192.168.47.4
  Metric: 10         IP 192.168.24.0 255.255.255.0
  Metric: 10         IP 192.168.47.0 255.255.255.0
  Metric: 30         IP-Interarea 8.8.8.8 255.255.255.255

Rene

Hi Rene,

R1#traceroute 8.8.8.8 

This command’s result:

R1 uses R3

Why do you write:

R1 uses R2

Hi Rene,
Why will we configure this on R4 and not on R2? Is there a reason, or is it the first level-1-2 router?

Hi Bahri,

Thanks, this is a typo yes. Just fixed it.

Rene

We leak from level 2 into level 1 so that’s why you have to do it on a level 1-2 router (R4 in this case).

When do we use a route map and a distribute list? What are the peculiarities of both? Can you please distinguish between access lists and prefix lists also?

Hello Swapnil

Specifically for IS-IS route leaking, you can use either a distribute list or a route-map. Of course, each one has different capabilities. This distinction is not specific to IS-IS route leaking, but is the case for most applications in which both can be used. In general, a distribute list is a more quick and dirty, more simplistic way of implementing route leaking and other similar operations. A route map will provide you with more flexibility and capabilities in matching and taking action. Both can be equally effective for IS-IS route leaking however.

As for access lists and prefix lists, the following lesson explains the difference between the two quite eloquently and should cover most if not all of your questions.

I hope this has been helpful!

Laz

Just to be picky: at the beginning there is a “We can deal with this by” that repeats.

Thank you for all these lessons, they are really great!
Stefanita

Hello Stuat

Thanks for picking this up. You’re not being picky at all, we appreciate you bringing these things to our attention!

Laz

Hi Stefanita,

I always appreciate it when people report errors 👍 Just fixed this.

Rene

Hello Rene,

Just getting familiar with IS-IS.
About your filtering with ACLs, my understanding was that we follow a logic network mask. When you filter the prefix 8.8.8.8 with any logic, shouldn’t the filtering instead be permit ip host 8.8.8.8 255.255.255.255 0.0.0.0?

Hello Luis

The access list that is defined in the lesson is an extended access list that specifies a host address as the source, and any address as the destination. When you specify a host address using the host keyword, the access list automatically assumes a 255.255.255.255 subnet mask. If you use the host keyword it doesn’t allow you to enter a subnet mask at all, as seen below:

Router(config)#ip access-list extended My_ACL
Router(config-ext-nacl)#permit ip host 8.8.8.8 ?
  A.B.C.D       Destination address
  any           Any destination host
  host          A single destination host
  object-group  Destination network object group

Router(config-ext-nacl)#permit ip host 8.8.8.8 

After the host 8.8.8.8, it expects the destination address and not the subnet mask, so the syntax you use in your post will not work.

The result of the configuration in the lesson is that packets destined for the 8.8.8.8/32 host address will be matched exactly by the ACL, and will thus be leaked into area 1234. This way, routing only for this host address will use a different next hop address.

I hope this has been helpful!

Laz

Hello Laz,

Thanks for your feedback, but I might have explained myself wrong.

As per my understanding, when we use extended ACLs for redistribution we can match the network part + subnet part.

In this particular example, the ACLs below will accomplish the exact same thing, won’t they?

permit ip host 8.8.8.8 any 
permit ip 8.8.8.8 0.0.0.0 255.255.255.255 0.0.0.0

Thanks for your support.

Hello Luis

Sorry I misunderstood. Actually, the following two commands are identical:

permit ip host 8.8.8.8 any
permit ip 8.8.8.8 0.0.0.0 0.0.0.0 255.255.255.255

If you put in the second command and then look at the configuration file, you will find that it has been converted into the first:

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ip access-list extended my_list
Router(config-ext-nacl)#permit ip 8.8.8.8 0.0.0.0 0.0.0.0 255.255.255.255
Router(config-ext-nacl)#exit
Router(config)#exit
Router#show ip access-lists 
Extended IP access list my_list
    10 permit ip host 8.8.8.8 any
Router#

Notice the entry in the access list has been converted simply to ip host 8.8.8.8 any.

I hope this has been helpful!

Laz
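
The wildcard-mask equivalence shown in the reply above, as an added example that is not part of the original posts: a small Python model (not IOS code; all function names are hypothetical) that reduces each address/wildcard pair of an extended ACL entry to the host/any form printed by show ip access-lists and tests the two fields against a pair of values. It also runs the line from the earlier question, whose last two fields are in the opposite order.

```python
import ipaddress

FULL = 0xFFFFFFFF  # wildcard 255.255.255.255: every bit is "don't care"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'permit|deny ip <first> <second>'; each operand is
    'any', 'host A.B.C.D' or 'A.B.C.D <wildcard>'."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("unsupported entry: " + line)
    operands = []
    while rest:
        if rest[0] == "any":
            operands.append((0, FULL))
            rest = rest[1:]
        elif rest[0] == "host":
            operands.append((_ip(rest[1]), 0))
            rest = rest[2:]
        else:
            wild = _ip(rest[1])
            # Address bits covered by the wildcard are ignored, so clear them.
            operands.append((_ip(rest[0]) & ~wild & FULL, wild))
            rest = rest[2:]
    if len(operands) != 2:
        raise ValueError("expected two operands: " + line)
    return action, operands[0], operands[1]

def show_operand(operand):
    addr, wild = operand
    if wild == FULL:
        return "any"
    text = str(ipaddress.IPv4Address(addr))
    return "host " + text if wild == 0 else f"{text} {ipaddress.IPv4Address(wild)}"

def normalize(line):
    """Render the entry in host/any shorthand."""
    action, first, second = parse_ace(line)
    return f"{action} ip {show_operand(first)} {show_operand(second)}"

def ace_matches(line, first_value, second_value):
    """True when both fields match after masking with their wildcards."""
    _, first, second = parse_ace(line)
    return all((_ip(v) & ~w & FULL) == a
               for (a, w), v in ((first, first_value), (second, second_value)))

if __name__ == "__main__":
    for entry in ("permit ip 8.8.8.8 0.0.0.0 0.0.0.0 255.255.255.255",
                  "permit ip 8.8.8.8 0.0.0.0 255.255.255.255 0.0.0.0"):
        print(entry, "->", normalize(entry))
```

The first entry normalizes to host 8.8.8.8 any; the second normalizes to host 8.8.8.8 host 255.255.255.255, so its second field only matches the exact value 255.255.255.255.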

Perfect thanks a lot

Won’t there be a disadvantage on R3, as it has to follow the path towards R1 to reach 8.8.8.8, which is a longer route? Can you please let me know how to overcome this issue?

Hello Vigneshwar

You are correct in your thinking. However, IS-IS has a failsafe built-in for such situations. Although L1 routes are always preferred to L2 routes, in this case, the R3 router will have learned about the 8.8.8.8 destination as an L2 route, but it will also have learned it from the leaked route via R4. Because the leaked route has a designation of “inter-area” shown as “ia” in the routing table, it will actually prefer the L2 route to that destination rather than the leaked route.

I tried to confirm this using a lab, and to find this clearly stated in documentation, but I was unable to do so. But if you put this lab together, I suggest you take a look at the routing table of R3 after the route is leaked to see what path has been installed in the routing table.

I hope this has been helpful!

Laz

Hello René, I just finished the ISIS topics. However, I would like to ask you if you have reference material to configure ISIS with IPv6. I also want to ask you: what do Single/Multi-topology and multi-topology refer to in ISIS for IPv6?
Thank you

Hello Christian

We don’t currently have any lessons on ISIS for IPv6, however, you can visit the following Member Ideas page to make any suggestions for future lesson topics. You may find that others have made similar suggestions to yours and you can add your voice to theirs.

In the meantime, you can visit the following Cisco documentation to get more insight into IS-IS for IPv6.

IS-IS’s support for multi-topology essentially allows the protocol to operate using both IPv4 and IPv6 simultaneously. It removes some restrictions that did not allow this using conventional IS-IS. This Cisco documentation describes it clearly in this way:

IS-IS multitopology support for IPv6 allows IS-IS to maintain a set of independent topologies within a single area or domain. This mode removes the restriction that all interfaces on which IS-IS is configured must support the identical set of network address families. It also removes the restriction that all routers in the IS-IS area (for Level 1 routing) or domain (for Level 2 routing) must support the identical set of network layer address families. Because multiple SPFs are performed, one for each configured topology, it is sufficient that connectivity exists among a subset of the routers in the area or domain for a given network address family to be routable.

For more information, take a look at the link to the documentation, and if you have any further questions, please feel free to ask!

I hope this has been helpful!

Laz