Link-state routing and Intermediate System to Intermediate System
Olof Hagsand KTH CSC
DD2490 p4 2011
Lecture 5: Link-state routing and IS-IS



Literature

• Read: CISCO: Introduction to Intermediate System-to-Intermediate System Protocol
  – link from home page -> literature
• Reference only
  – Original standard: ISO DP 10589
    • Rewritten in RFC 1142
  – IETF RFC 1195: How to use IS-IS for IPv4
  – IETF RFC 1069: How to encode IP addresses in ISIS
  – IETF work-group: IS-IS for IP Internets (isis)
    • IPv6, traffic-engineering, etc


IS-IS Network Topology

• Area borders are between routers
• Areas are called L1
• Backbone is called L2
• A router can be L1, L2, or L1+L2.
• All inter-area traffic via L2
• L2 must be connected (1-level hierarchy)

[Figure: L1 Area 1 and L1 Area 2 connected through L2. Legend: L1-L2 router redistributes between L1 and L2; L1 router holds default and intra-area routes; L2 router holds inter-area routes.]


OSPF and IS-IS comparison

• Both are link-state protocols
• IS-IS has a longer history from Digital via OSI
  – OSI was thought to be the internetworking standard protocol
  – What survived was the OSI reference model
• IETF defined integrated IS-IS (or dual IS-IS)
  – to work both for OSI (CLNP) and IP networking
  – this is why it could so easily be extended with IPv6
• OSPF is newer and developed in IETF
• Area difference
  – OSPF defines area boundaries between interfaces
  – IS-IS defines area boundaries between nodes
  – IS-IS areas lead to simpler configuration
• Protocol dependency
  – IS-IS can run many protocols (IPv6, CLNP)
  – OSPF only IPv4 (OSPFv3 supports IPv6)
• OSPF is implemented on more platforms and more deployed
• IS-IS often popular among network operators


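The TCP/IP stack and OSI ref model

OSI reference model layers:
• L7: Application
• L6: Presentation
• L5: Session
• L4: Transport
• L3: Network
• L2: Data Link
• L1: Physical

TCP/IP stack (top to bottom, as drawn in the figure):
• SMTP HTTP FTP DNS SSH ...
• TCP UDP SCTP
• IP
• ICMP IGMP
• ARP
• Ethernet PPP WLAN ATM ...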


OSI and IP notation

TCP/IP     OSI
IP         CLNS
ICMP       ~CLNP
ARP        ~ES-IS
Router     IS (Intermediate system)
Host       ES (End System)
AS         Routing Domain
Packet     PDU (Protocol data unit)
DR         DIS (Designated IS)


ISO addressing

ISO addresses are:
• Variable length: 6-20 bytes (48-160 bits)
• Hierarchical structure
• Node addresses (not link or interface)
• A CLNS network-layer address is called an NSAP
• From an IS-IS perspective, such an address looks like below with the following fields (*)

Field:           AFI   AREA ID   SYSTEM ID   NSEL
Value:           49                          00
Length [bytes]:  1     2-12      6           1

• AFI - Authority and format identifier. 49 corresponds to private address space
• Area ID - Unique area identifier
• System ID - Per-area unique ID
• NSEL - NSAP selector. Zero means intermediate system

– Example: 49.0201.1920.1210.3047.00

(*) Actually, ISO addressing is much more complex,....


ISO addresses (more complex)

• AFI (Authority Format Identifier)
  – Specifies the format of the rest of the address
• IDI/ICD (Initial Domain Identifier/International Code Designator)
  – Specifies the authority for the address space
• HO-DSP (High Order Domain Specific Part)
  – Indicates the sub authority for the routing domain
• Area
• System ID
• Nsel (N Selector)


Example of NET address in .se

• AFI (Authority Format Identifier) 39
• IDI (Initial Domain Identifier) SE 752
• DFI (Domain Format Identifier) 100
• AAI (Administrative Authority Identifier) 0014
• RSVD (Reserved)
• RD (Routing domain)
• Area, System ID and sel.


Encapsulation

• OSPF runs over IP
  – Allows virtual links
  – Relies on fragmentation if OSPF messages exceed the link MTU
  – Vulnerable to spoofing and denial-of-service
• ISIS runs over link-layer
  – Routing protocol independent of routed protocol
  – More difficult to spoof and attack
  – Harder to implement (there are many link-layers,...)


Packet types

• Hellos - IS-to-IS Hello (IIH)
  – Link-level multicast
• Link-state Packets (LSP)
  – Pseudo-nodes (cf OSPF network LSA), Example N2 below.
  – Non-pseudo-node (cf OSPF router LSA), Example RT3-RT6
  – Also level 1 / level 2 LSPs (area support)
• Sequence number PDUs: (CSNP/PSNP)
  – Complete sequence number PDU (CSNP)
    • A list of all LSPs of current database
    • Similar to OSPF DD packet
  – Partial sequence number PDU (PSNP)
    • Request or ack specific LSPs

[Figure: routers RT3, RT4, RT5 and RT6 on network N2; N2 drawn as a pseudo-node; Designated IS.]


Encoding

• OSPF
  – Positional fields
  – Hard-wired for IPv4
  – 32 bit alignment
  – Unknown LSAs are discarded
• ISIS uses TLV (Type - Length - Value)
  – No alignment
  – Extensible
  – Unknown LSAs are flooded
  – Nested TLVs give a lot of flexibility
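
The TLV encoding described above, as an added example (not code from the lecture): a bounds-checked walk over an IS-IS style TLV area that skips types it cannot decode by length instead of dropping them. The sample bytes are constructed; type 200 is an assumption standing in for any TLV this parser has no decoder for.

```python
# Added example: IS-IS style TLV walk (1-byte type, 1-byte length, value).
# Type names are well-known IS-IS codes; the sample bytes are constructed.
KNOWN = {1: "Area Addresses", 129: "Protocols Supported", 137: "Dynamic Hostname"}


class TLVError(ValueError):
    """Raised when a TLV header or length field runs past the buffer."""


def parse_tlvs(buf: bytes) -> list[tuple[int, bytes]]:
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise TLVError(f"truncated TLV header at offset {off}")
        tlv_type, length = buf[off], buf[off + 1]
        end = off + 2 + length
        if end > len(buf):  # never trust the length byte from the wire
            raise TLVError(f"TLV type {tlv_type} at offset {off} overruns buffer")
        tlvs.append((tlv_type, buf[off + 2:end]))
        off = end
    return tlvs


def encode_tlvs(tlvs) -> bytes:
    return b"".join(bytes([t, len(v)]) + v for t, v in tlvs)


def unknown_types(tlvs) -> list[int]:
    """Types this parser cannot decode; they are skipped by length, not dropped."""
    return [t for t, _ in tlvs if t not in KNOWN]


# Constructed sample: area 49.0201, NLPID 0xCC (IPv4), hostname "RT3",
# and type 200 standing in for an extension this parser does not know.
SAMPLE = (
    bytes([1, 4, 3, 0x49, 0x02, 0x01])
    + bytes([129, 1, 0xCC])
    + bytes([137, 3]) + b"RT3"
    + bytes([200, 2, 0xDE, 0xAD])
)

if __name__ == "__main__":
    parsed = parse_tlvs(SAMPLE)
    for t, v in parsed:
        print(f"type={t:3d} {KNOWN.get(t, 'unknown'):20s} value={v.hex()}")
    print("round trip intact:", encode_tlvs(parsed) == SAMPLE)
```

Because every TLV carries its own length, the unknown type survives the round trip byte for byte, while a length that points past the buffer is rejected before any value is read.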


Adjacency forming

• Send IIHs (IS-IS Hellos) over L2
• Detect point-to-point or broadcast media
• Match timers: holding time before defining a neighbor dead
• Circuit-type (level 1 / level 2)
• Priority - higher is better
• On a broadcast link, a Designated IS is selected using priority and thereafter MAC address
• A DIS with better prio (or MAC address) pre-empts another DIS, which makes DIS forming deterministic
  – In OSPF DR election is non-deterministic
• No need for BDR (backup)
• Hellos are typically padded to full MTU size
  – To detect mismatching MTUs on same link
  – OSPF does this at DD


Areas

• IS-IS areas are named L1.
• L2 represents inter-area routes
• A router can be L1, L2 or L1-L2
• A router can have at most two link-state databases (L1 and L2)
• An L1 area corresponds to an OSPF totally stub area with only intra-area routes and a default route to the nearest L2 router.
• The L1 area is specified by the AREA-ID in the OSI address.
  – Therefore only one area per router
• Areas are formed as part of the hello protocol


Areas example

• Two areas: 0001 and 0002 connected by inter-area L1-L2, and L2 routes
• L2 corresponds to a backbone: all inter-area traffic must go via L2
• The L1-L2 routers are area border routers
  – They redistribute routes from the L1 to the L2 link-state DB
  – They redistribute a default route from L2 to L1

[Figure: routers labelled L1: 0001, L1: 0002, L2 + L1: 0001, L2 + L1: 0002 and L2.]


Areas adjacency

• Two L1 routers can form L1 adjacencies only if their area IDs match
• L2 routers always match

[Figure: pairs of routers labelled with their level (L1, L2) and L1 area (0001 or 0002), each pair marked MATCH or NO MATCH.]
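
The address layout from the ISO addressing slide and the matching rule above, combined in one added example (not code from the lecture): it splits a NET into AFI, area ID, system ID and NSEL using the slide's field lengths, then decides at which levels two neighbours form an adjacency. The router NETs in the demo are constructed, and the function names are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NET:
    afi: int          # 1 byte
    area_id: bytes    # 2-12 bytes per the slide's length table
    system_id: bytes  # 6 bytes
    nsel: int         # 1 byte, 00 for an intermediate system


def parse_net(text: str) -> NET:
    """Split a dotted-hex NET such as 49.0201.1920.1210.3047.00 into fields."""
    try:
        raw = bytes.fromhex(text.replace(".", ""))
    except ValueError as exc:
        raise ValueError(f"NET {text!r} is not dotted hex") from exc
    area_len = len(raw) - 8  # minus AFI (1) + system ID (6) + NSEL (1)
    if not 2 <= area_len <= 12:
        raise ValueError(f"NET {text!r}: area ID is {area_len} bytes, want 2-12")
    if raw[-1] != 0:
        raise ValueError(f"NET {text!r}: NSEL must be 00 on a router")
    return NET(raw[0], raw[1:-7], raw[-7:-1], raw[-1])


def adjacency_levels(net_a: NET, levels_a: set, net_b: NET, levels_b: set) -> set:
    """Levels at which two neighbours form an adjacency.

    levels_* is {1} for an L1 router, {2} for L2, {1, 2} for L1-L2.
    """
    common = levels_a & levels_b
    # AFI and area ID are compared together as the area address.
    same_area = (net_a.afi, net_a.area_id) == (net_b.afi, net_b.area_id)
    formed = set()
    if 1 in common and same_area:  # L1 needs matching areas
        formed.add(1)
    if 2 in common:                # L2 always matches
        formed.add(2)
    return formed


if __name__ == "__main__":
    # Constructed NETs: two routers in area 0001, one in area 0002.
    r1 = parse_net("49.0001.1920.1210.3047.00")
    r2 = parse_net("49.0001.1920.1210.3048.00")
    r3 = parse_net("49.0002.1920.1210.3049.00")
    print(adjacency_levels(r1, {1}, r2, {1}))        # {1}
    print(adjacency_levels(r1, {1}, r3, {1}))        # set()
    print(adjacency_levels(r1, {1, 2}, r3, {1, 2}))  # {2}
```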


L2 vs OSPF backbone

• L2 routers must be contiguous, but L2 is not an area in itself
• There is even a mechanism for repairing partitioned L1 areas using L2 in IS-IS
• L1 routers send all non intra-area traffic to the nearest L2 routers

[Figure: Area 1, Area 2, Area 3 and Area 4 with L1 routers, L1/L2 routers and an L2 router.]

Note that the L2 routers are contiguous and span all areas.


Route leaking

• Totally stub areas (only default route) can lead to sub-optimal routing
  – Why? Because if area is multi-homed, a single default route may not provide the best route
• It is possible to extend ISIS L1 areas to something similar to OSPF areas
• L2 routes can be ”leaked” to L1 routers
• L1 routers can then make better route calculations


Database

• OSPF stores Database Advertisements
  – LSAs are usually many and small
  – Network and Router LSA can get large
  – LSAs are grouped into LSA Updates when flooding
  – LSA Updates need to be rebuilt at each hop
  – Therefore both LSA and OSPF message checksums are needed
• IS-IS stores LSP packets
  – LSPs are organized by the originating router
  – LSPs are always flooded intact, never changed
    • The same minimum MTU is required in the whole network!
  – Each topology change gives a new LSP


Extensions

• OSPF was never built to be extended
  – Hardwired for IPv4
  – IPv6 requires a new protocol (OSPFv3)
• ISIS is extendable
  – So far extending ISIS has been straightforward
  – IPv6 ready (just like it's IPv4 and IPX ready...)

A side-note: Some researchers claim that routing protocols should be completely independent of each other, that they should act like ”ships in the night”: CLNP, IPX, IPv4 and IPv6 routing should be run by different protocols. But one can still run the same protocol in different instances, and then you get all benefits of configuration reuse, etc, of using the same protocol.


Deployment

• IS-IS very popular in the ISP world
  – especially large ISPs
• OSPF popular in enterprises
• What are the reasons for this?
• Availability of implementations:
  – Only the large routing vendors have good IS-IS implementations: CISCO, JUNIPER
  – Example: There is no stable open-source IS-IS implementation available
• Many claim that IS-IS is easier to configure.


IS-IS lab

• IS-IS in pair, square and cross
• IS-IS areas: a single L1, one L1/L2 and two L2 routers connected to all other groups.
• IPv6 and ISIS