How IS-IS works

What is IS-IS?

The IS-IS (Intermediate-Systems to Intermediate-Systems) protocol is an interior gateway protocol (IGP) that uses link-state information to make routing decisions. Just like OSPF, another IGP, it uses the shortest-path-first (SPF) algorithm to determine routes.

IS-IS evaluates the topology changes and determines whether to perform full SPF recalculation or a partial route calculation (PRC). This protocol was orginally developed for routing International Organization for Standardization (ISO) Connectionless Network Protocol (CLNP) packets.

Just like OSPF routing, IS-IS uses hello packets that allow network convergence to occur quickly when changes are detected. IS-IS uses SPF to determine routes. Using SPF, IS-IS evaluated network topology changes and determines if a full or partial route calculation is required.

The main difference between OSPF and IS-IS is that where OSPF requires IP configuration, IS-IS uses CLNP packets, which are connectionless, to send information.

How does IS-IS work?

An IS-IS network is a single autonomous system (AS), also called a routing domain, that consists of end systems and intermediate systems. End systems are network entities that send and receive packets. Intermediate systems send and receive packets and relay (forward) packets. (Intermediate system is the Open System Interconnection [OSI] term for a router.) ISO packets are called network PDUs.

Why are we discussing this terminology? Well, IS-IS doesn't use IP addresses like OSPF does, as mentioned above. The ISO developed CLNP packets and an entire suite of other functionality separate to that of IP to make a "connectionless" IGP.

In IS-IS, a single AS can be divided into smaller groups called areas. Routing between areas is organized hierarchically, allowing a domain to be administratively divided into smaller areas. This organization is accomplished by configuring Level 1 and Level 2 intermediate systems. Level 1 systems route within an area; when the destination is outside an area, they route toward a Level 2 system. Level 2 intermediate systems route between areas and toward other ASs. No IS-IS area functions strictly as a backbone.

Level 1 routers share intra-area routing information, and Level 2 routers share interarea information about IP addresses available within each area. Uniquely, IS-IS routers can act as both Level 1 and Level 2 routers, sharing intra-area routes with other Level 1 routers and interarea routes with other Level 2 routers.

The propagation of link-state updates is determined by the level boundaries. All routers within a level maintain a complete link-state database of all other routers in the same level. Each router then uses the Dijkstra algorithm to determine the shortest path from the local router to other routers in the link-state database.

ISO Network Addresses

IS-IS uses ISO network addresses. Each address indentifies a point of connection to the network, such as a router interface, and is called a network service access point (NSAP).

IS-IS supports multiple NSAP addresses on the loopback lo0 interface.

An end system can have multiple NSAP addresses, in which case the addresses differ only in the last byte (called the n-selector). Each NSAP represents a service that is available in that node. In addition to having multiple services, a single node can belong to multiple areas.

Each network entity also has a special network address called a network entity title (NET). Structurally, an NET is identical to an NSAP address but has an n-selector of 00. Most end systems and intermediate systems have one NET. Intermediate systems that participate in multiple areas have multiple NETs.

Here is an example of a couple of ISO addresses following the IS-IS format:

NETs take several forms, depending on your network requirements. NET addresses are hexadecimal and range from 8 octets to 20 octets in length. Generally, the format consists of an authority and format identifier (AFI), a domain ID, an area ID, a system identifier, and a selector. The simplest formbat omits the domain ID and is 10 octets long. For example, the NET address 49.0001.1921.6800.1001.00 consists of the following parts:

• 49 - AFI
• 0001 - Area ID
• 1921.6800.1001 - System ID
• 00 - Selector

The system identifier must be unique within the network. For an IP-only network, it is recommended using the IP address of an interface on the router. Configuring a loopback NET address with the IP address is helpful when troubleshooting is required on the network.

The first portion of the address is the area number, which is a variable number from 1 through 13 bytes. The first byte of the area number (49) is the authority and format indicator (AFI). The next bytes are the assigned domain (area) identifier, which can be from 0 through 12 bytes. In the above example, the area is 0001.

The next six bytes form the system identifier. The system identifier can be any six bytes that are unique throughout the entire domain. The system identifier commonly is the media access control (MAC) address (for the first example,  00a0.c96b.c490) or the IP address expressed in binary-coded decimal (BCD) (as in the second example, 2081.9716.9018, which corresponds to an IP address 208.197.169.18). The last byte (00) is the n-selector.

IS-IS packets

Each IS-IS PDU shares a common header. IS-IS uses the following PDUs to exchange protocol information:

• IS-IS hello (IIH) PDUs - Broadcast to discover the identity of neighboring IS-IS systems and to determine whether the neighbors are Level 1 or Level intermediate systems.
  • IS-IS hello PDUs establish adjacencies with other routers and have three different formats: one for point-to-point hello packets, one for Level 1 broadcast links, and one for Level 2 broadcast links. Level 1 routers must share the same area address to form an adjacency, while Level 2 routers do not have this limitation. The request for adjacency is encoded in the Circuit type field of the PDU.
  • Hello PDUs have a preset length assigned to them. The IS-IS router does not resize any PDU to match the maximum transmission unit (MTU) on a router interface. Each interface supports the maximum IS-IS PDU of 1492 bytes, and hello PDUs are padded to meet the maximum value. When the hello is sent to a neighboring router, the connecting interface supports the max PDU size.
• Link-state PDUs - Contain information about the state of adjacencies to neighboring IS-IS systems. Link-state PDUs are flooded periodically throughout an area.
  • Also included is metric and IS-IS neighbor information. Each link-state PDU must be refreshed periodically on the network and is acknowledged by information within a sequence number PDU.
  • On point-to-point links, each link-state PDU is acknowledged by a partial sequence number PDU (PSNP), but on broadcast links, a complete sequence number PDU (CSNP) is sent out over the network. Any router that finds newer link-state PDU information in the CSNP then purges out-of-date entry and updates the link-state database. Link-state PDUs support variable-length subnet mask addressing (VLSM).
• Complete sequence number PDUs (CSNPs) - Contain a complete list of all link-state PDUs in the IS-IS database. CSNPs are sent periodically on all links, and the receiving systems use the information in the CSNP to update and synchronize their link-state PDU databases. The designated router multicasts CSNP on broadcast links in place of sending explicit acknowledgements for each link-state PDU.
  • Contained within the CSNP is a link-state PDU identifier, a lifetime, a sequence number, and a checksum for each entry in the database. Periodically, a CSNP is sent on both broadcast and point-to-point links to maintain a correct database. Also, the advertisement of CSNPs occurs when an adjacency is formed with another router. Like IS-IS hello PDUs, CSNPs come in two types: Level 1 and Level 2.
  • When a device receives a CSNP, it checks the database entries against its own link-state databases. If it detects missing information, the device requests specific link-state PDU details using a partial sequence number PDU (PSNP).
• Partial sequence number PDUs (PSNPs) - Sent multicast by a receiver when it detects that it is missing a link-state PDU (when its link-state PDU database is out of date). The receiver sends a PSNP to the system that transmitted the CSNP, effectively requesting that the missing link-state PDU be transmitted. That routing device, in turn, forwards the missing link-state PDU to the requesting routing device.
  • A PSNP is used by an IS-IS router to request link-state PDU information from a neighboring router. A PSNP can also explicitly acknowledge the receipt of a link-state PDU on a point-to-point link. On a broadcast link, a CSNP is used a implicit knowledge. Like hello PDUs and CSNPs, the PSNP also has two types: Level 1 and Level 2.
  • When a device compares a CSNP to its local database and determines that a link-state PDU is missing, the router issues a PSNP for the missing link-state PDU, which is returned in a link-state PDU from the router sending the CSNP. 
  • The receiving link-state PDU is then stored in the local database, an acknowledgement is sent back to the originating router. 

 IS-IS vs. OSPF

Both IS-IS and OSPF are IGPs. Meaning, they can be used for intra-area routing. However, IS-IS has key differences, including:

• IS-IS operates at Layer 2, while OSPF operates at Layer 3.
• IS-IS does not support virtual links, while OSPF does.
• IS-IS does not require IP connectivity between the routers as updates are sent via CLNS instead of IP, while OSPF requires IP connectivity between the routers to send routing information.
• IS-IS router can only belong to one area, while an OSPF router can belong to multiple areas.
• IS-IS runs on Layer 2 and is thus less likely to suffer attacks, while OSPF is more prone to attacks due to it being on Layer 3, and hence requires more security overhead for protection.
• IS-IS uses System ID to identify a router on the network, whilst OSPF uses Router ID to identify a router on the network.
• IS-IS is more flexible than OSPF.
• IS-IS doesn't refresh the entire SPF table, like OSPF does to its routing table every 30 minutes. It only requests updates via a PSNP when it detects a missing link-state entry when it receives a CSNP from another router.

In general, OSPF is a intradomain routing protocol and is based on link-state routing technology. It has introduced new concepts that are authentication of routing updates, VLSM, root summarizations, etc.

IS-IS is a standardized link-state protocol that was developed to the definitive routing protocol for the OSI Model. IS-IS is a Link-state IGP. Link-state protocols are distinguished by the circulation of the information required to build a complete network connectivity map on each participating router. This map is used to calculate the shortest path to destinations.

Predominately, IS-IS is used in an ISP environment.