Configuring IS-IS in Gaia Portal

Important - On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must connect to the Gaia PortalClosed Web interface for the Check Point Gaia operating system. of the applicable Security Group.

Procedure

  1. With a web browser, connect to the GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal.

  2. Log in.

  3. From the left navigation tree, click Advanced Routing > IS-IS.

  4. Configure the Global Options:

    1. Configure the System ID.

      1. From the left navigation tree, click Advanced Routing > IS-IS.

      2. In the System ID section, enter the System ID.

        The System ID of an IS-IS router uniquely identifies the router in the IS-IS domain.

        The System ID on each IS-IS router must be unique in the IS-IS domain.

        The System ID is a 6 byte hex string, separated on two-byte boundaries by a "." (period).

        To remove the System ID you configured explicitly, configure the System ID to the "default" value.

        Example System ID: 1a2b.3c4d.5e6f

      3. Click Apply System ID.

      Important:

      • In ClusterXL, you must configure the same System ID on each Cluster MemberClosed Security Gateway that is part of a cluster..

      • You cannot change the System ID while IS-IS is already configured and running.

      • To change the System ID while IS-IS is running, first you must stop the IS-IS protocol in one of these ways:

        • Remove all IS-IS areas from the configuration.

        • Remove all IS-IS interfaces from the configuration.

    2. Add at least one Area.

      1. From the left navigation tree, click Advanced Routing > IS-IS.

      2. In the Area Addresses section, click Add.

      3. In the Area Address field, enter the IS-IS area ID.

        An area address is a variable-length string ranging from 1 to 13 bytes.

        The first byte of the area address can be two digits (from 00 to 99).

        The rest of the area address is represented as a hexadecimal string, separated on two-byte boundaries by a "." (period).

        An IS-IS router’s configured areas determine whether to form 'Level 1' adjacencies with other routers.

        An IS-IS router may belong to multiple areas, up to the configured maximum number of area addresses.

        Example area addresses:

        • 49

        • 12.34

        • 99.1a2b.3c4d

        • 55.ff.1234.abcd

      4. Click Save.

    3. Optional: Configure other global options as required in your IS-IS domain.

      Global settings apply to the IS-IS router as a whole.

      1. From the left navigation tree, click Advanced Routing > IS-IS.

      2. Click Edit Global Options.

      3. Configure the applicable settings.

      4. To configure per-level options:

        1. Click one of these:

          • Edit Level 1

          • Edit Level 2

        2. Configure the applicable settings.

        3. Click OK.

      5. Click Save.

      Description of options:

      Option

      Description

      IS Type

      Configures the IS-IS levels, on which this IS-IS router works.

      • IS-IS 'Level 1' routers form adjacencies only with other IS-IS neighbors that are configured in the same area.

      • IS-IS 'Level 2' routers form adjacencies with other directly connected 'Level 2'-capable IS-IS routers, regardless of area.

      • IS-IS 'Level 1-2' routers form 'Level 1' and 'Level 2' adjacencies, where appropriate.

      Best Practice - To conserve resources, configure an IS-IS router to work only on the level(s) that the IS-IS topology requires.

      Options:

      • Level 1 - Uses 'Level 1' only

      • Level 2 - Uses 'Level 2' only

      • Level 1-2 - Uses 'Level 1' and 'Level 2'

      Default:

      • Level 1-2

      Broadcast link hello padding

      Configures how this IS-IS router adds the padding in its 'Hello' packets.

      This field controls the padding for broadcast interfaces.

      IS-IS does not advertise what its interface MTU is in 'Hello' packets.

      Instead, it uses 'Hello' padding to make sure that neighbors have a matching MTU before they form an adjacency.

      If the MTU between two neighbors does not match, the router with the lower MTU drops the padded 'Hello' packet as malformed and does not form an adjacency.

      Options:

      • Smart - Adds padding in 'Hello' packets when forming a new adjacency

      • Always - Always adds padding in each 'Hello' packet

      • Off - Does not add padding in 'Hello' packets

      Default:

      • Smart

      P2P link hello padding

      Configures how this IS-IS router adds the padding in its 'Hello' packets.

      This field controls the padding for point to point interfaces.

      IS-IS does not advertise what its interface MTU is in 'Hello' packets.

      Instead, it uses 'Hello' padding to make sure that neighbors have a matching MTU before they form an adjacency.

      If the MTU between two neighbors does not match, the router with the lower MTU drops the padded 'Hello' packet as malformed and does not form an adjacency.

      Options:

      • Smart - Adds padding in 'Hello' packets when forming a new adjacency

      • Always - Always adds padding in each 'Hello' packet

      • Off - Does not add padding in 'Hello' packets

      Default:

      • Smart

      LSP lifetime

      Configures how long other IS-IS routers consider the LSP packets this IS-IS router generated to be valid.

      IS-IS routers periodically update the LSP packets they generate to make sure these LSP packets are still valid.

      Without this update, LSP packets eventually time out of neighbor routers' databases, and the routers remove the topology information related to these LSP.

      The LSP lifetime determines how long an LSP is considered valid without an update.

      Note - You must configure this value to be greater than the LSP refresh interval. You must configure a value that gives enough time between the lifetime and refresh interval to allow the refreshed LSP to propagate throughout the IS-IS domain before it can time out from any other router.

      Range: 1 - 65535 (seconds)

      Default: 1200

      LSP refresh interval

      Configures how frequently this IS-IS router sends updates for its LSP packets.

      IS-IS routers periodically update the LSP packets they generate to make sure these LSP packets are still valid.

      Without this update, LSP packets eventually time out of neighbor routers' databases, and the routers remove the topology information related to these LSP packets.

      Note - You must configure this value to be less than the LSP lifetime. You must configure a value that gives enough time between the lifetime and refresh interval. This allows the refreshed LSP to propagate throughout the IS-IS domain before it can time out from any other router.

      Range: 1 - 65535 (seconds)

      Default: 900

      LSP MTU

      Configures the maximum size of an LSP to send over any link.

      Note - You must configure a value that is less than or equal to the smallest MTU of an interface that runs IS-IS, minus 8 bytes of overhead:

      LSP MTU value <= (Smallest MTU of an interface that runs IS-IS) - (8 bytes of overhead)

      For a standard Ethernet interface, this value is 1500 - 8 = 1492 bytes.

      Range: 128 - 16000 (bytes)

      Default: 1492

      Max area addresses

      Configures the maximum number of configurable areas for this IS-IS router.

      The maximum number of configurable areas serves two purposes:

      Shows to IS-IS neighbor routers (through a field in 'Hello' packets) the maximum number of areas, to which this IS-IS router belongs.

      Shows the maximum number of configurable area addresses.

      Note - The default value of 3 area addresses is sufficient to support most area migration scenarios.

      Range: 3 - 254

      Default: 3

      Send hostname

      Enables (selected) or disables (cleared) the dynamic hostname mapping for IS-IS System IDs.

      It may be difficult to remember an IS-IS System ID as a string of numbers.

      IS-IS supports the sending of the hostname information between neighbor routers to associate a System ID with a hostname.

      Options:

      • Selected - Sends the local hostname and accepts neighbors' hostnames

      • Cleared - Does not send the local hostname and does not accept neighbors' hostnames

      Default:

      • Selected

      Adjacency check

      Enables (selected) or disables (cleared) the strict protocol checking with IS-IS neighbors.

      During the normal operation, IS-IS neighbors should agree on which IP protocols they run (IPv4 only, IPv6 only, or the two of them).

      In some cases, it may be necessary to run IS-IS between neighbors that do not run the same protocols (for example, maintaining adjacencies while migrating an IPv4-only IS-IS environment to an environment with IPv4 and IPv6).

      If you turn off this feature, this IS-IS router forms adjacencies with neighbors that do not match the list of IP protocols this IS-IS router uses for IS-IS.

      Options:

      • Selected - Enforces the strict protocol checking

      • Cleared - Does not enforce the strict protocol checking

      Default:

      • Selected

      Ignore attached bit

      Controls whether this IS-IS router ignores (selected) or not (cleared) the attached bits configured by other 'Level 2'-connected IS-IS routers.

      By default, 'Level 1-2' IS-IS routers do not send routes from 'Level 2' to 'Level 1'.

      Instead, they configure an "attached bit" in their packets to 'Level 1' areas.

      This attached bit shows that 'Level 1' routers should install a default route to the 'Level 2' router that configured it.

      In some cases, it may be necessary to ignore these attached bits, and not to install a default route to 'Level 1-2' routers.

      Options:

      • Selected - Does not install the default route to the "attached" routers

      • Cleared - Installs the default route to the "attached" neighbors

      Default:

      • Cleared

      Set overload bit

      Configures options related to the overload bit.

      IS-IS routers may optionally configure an overload bit in their 'Hello' packets and the LSP packets they send to other IS-IS routers.

      This bit shows that the router should not be used as a transit router for routing decisions.

      You can configure this bit permanently on routers that are never intended to pass traffic except to directly connected subnets.

      Options:

      • Selected - Enables the overload bit

      • Cleared - Does not enable the overload bit

      Default:

      • Cleared

      Option

      Description

      Default Metric

      Configures the default metric for all IS-IS interfaces.

      This IS-IS router uses this default metric, if you do not configure another metric explicitly.

      Range:

      • 1 - 16777214 - Uses the wide metric type

      • 1 - 63 - Uses the narrow metric type

      Default:

      • 10

      Metric Type

      Configures how this IS-IS router sends metric information to other IS-IS routers.

      IS-IS has two metric types:

      • Wide - A new style of metric that supports 24 bits of data. This gives a maximum value of 16777215.

      • Narrow - An old style of metric that uses 6 bits to store the metric value. This gives a maximum metric of 63, which was considered too restrictive.

      IS-IS supports narrow and wide metrics for compatibility with older implementations.

      If all routers in an IS-IS domain support wide metrics, then configure wide metrics because they give greater flexibility.

      The router accepts wide and narrow metric types, regardless of which types it sends.

      Options:

      • Wide - Sends the wide metric type only

      • Narrow - Sends the narrow metric type only

      • Transition - Sends the wide and narrow metric types

      Default:

      • Wide

      SPF Delay Intervals

      Configures the delay between subsequent SPF calculations.

      When the information announced by an IS-IS router changes the topology, all routers in the domain must run SPF to create the shortest path tree again.

      The SPF interval determines how frequently these shortest path calculations may occur.

      This option uses an exponential backoff to determine the delay between events.

      The delay before events after the "Second" period is the previous delay multiplied by two, up to the maximum delay.

      If an event does not occur for two "Max" periods, the router restores the delay to the "Initial" value.

      Options:

      • Max

        Specifies the maximum interval between two events

        • Range: 1 - 120 (seconds)

        • Default: 10

      • Initial

        Specifies the initial delay between when an event is scheduled, and when it actually takes place.

        • Range: 50 - 120000 (milliseconds)

        • Default: 5500

      • Second

        Specifies the delay between the first event and the second event.

        • Range: 50 - 120000 (milliseconds)

        • Default: 5500

      Partial Route Calculation Delay Intervals

      Configures the delay between subsequent Partial Route Calculation (PRC) events.

      When the information announced by an IS-IS router changes, but the overall topology remains the same, IS-IS does not need to run an entire SPF calculation. Instead, it may run a PRC to calculate the change in routes within the same topology.

      The PRC interval determines how frequently these partial route calculations may occur.

      This option uses an exponential backoff to determine the delay between events.

      The delay before events after the "Second" period is the previous delay multiplied by two, up to the maximum delay.

      If an event does not occur for two "Max" periods, the router restores the delay to the "Initial" value.

      Options:

      • Max

        Specifies the maximum interval between two events.

        • Range: 1 - 120 (seconds)

        • Default: 5

      • Initial

        Specifies the initial delay between when an event is scheduled, and when it actually takes place.

        • Range: 50 - 120000 (milliseconds)

        • Default: 2000

      • Second

        Specifies the delay between the first event and the second event.

        • Range: 50 - 120000 (milliseconds)

        • Default: 5000

      Authentication

      Configures IS-IS authentication for LSP, CSNP, and PSNP packets.

      You can configure IS-IS authentication for 'Hello' packets with interface authentication.

      When you configure an authentication mode, this IS-IS router authenticates all outgoing LSP, CSNP, and PSNP packets using the configured mode. By default, this IS-IS router also authenticates all incoming IS-IS packets.

      You can disable this behavior with the Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). command "authentication ignore <Packet Type> {on | off} [level {1 | 2}]".

      • 'Level 1' authentication applies to all 'Level 1' IS-IS packets - LSP, CSNP, and PSNP.

      • 'Level 2' authentication applies to all 'Level 2' IS-IS packets - LSP, CSNP, and PSNP.

      You can configure only one authentication mode per level at a time.

      Configuration of a new authentication mode removes the previous mode's configuration.

      Options:

      • None

        No authentication.

      • Simple

        Enables the simple (plaintext) authentication for IS-IS packets.

        This IS-IS router authenticates IS-IS packets using a plaintext password that is included with each IS-IS packet.

        If neighbor routers detect a mismatch in authentication, they drop the packets that have a mismatched authentication.

      • MD5

        Enables the HMAC MD5 authentication for IS-IS packets.

        IS-IS packets include an MD5 digest of the packet, based on a configured secret key (Password).

        You configure this secret on the router. The router does not send this secret in plaintext.

        As a result, this mode is more secure than the simple authentication.

        If neighbor routers detect a mismatch in authentication, they ignore the packets with a mismatched authentication.

        1. Click Add.

        2. In the Key ID field, enter the required number between 1 and 255.

        3. In the Secret field, enter the required authentication secret.

          May contain only letters, digits, and these characters: ! . , / - _ +

        By default, this IS-IS router uses the lowest configured MD5 Key ID to authenticate outgoing IS-IS packets.

        Use the "Active Key" field to change this behavior.

        The router can use any Key ID to authenticate incoming IS-IS packets.

      • Cryptographic

        Enables the cryptographic authentication for IS-IS packets.

        When using cryptographic authentication, each key-algorithm-secret triplet must match exactly on other IS-IS routers that are authenticating the same packets.

        1. Click Add.

        2. In the Key ID field, enter the required number between 1 and 255.

        3. In the Algorithm field, select the required algorithm:

          • HMAC-SHA-1

          • HMAC-SHA-256

          • HMAC-SHA-384

          • HMAC-SHA-512

        4. In the Secret field, enter the required authentication secret.

          May contain only letters, digits, and these characters: ! . , / - _ +

        By default, this IS-IS router uses the lowest configured Cryptographic key ID to authenticate outgoing IS-IS packets.

        Use the "Active Key" field to change this behavior.

        The router can use any key ID to authenticate incoming IS-IS packets.

  5. Configure IS-IS interfaces:

    Important - Configure at least one IS-IS interface.

    Interface options apply to each logical interface independently.

    1. From the left navigation tree, click Advanced Routing > IS-IS.

    2. In the Interfaces section, click Add.

    3. In the Interface field, select the applicable interface.

    4. In the Address Family field, select the applicable address family.

    5. Configure other applicable settings.

    6. To configure per-Level options:

      1. Click one of these:

        • Edit Level 1

        • Edit Level 2

      2. Configure the applicable settings.

      3. Click OK.

    7. Click Save.

    Description of options:

    Option

    Description

    Interface

    Name of the interface to configure.

    Address Family

    Configures the address family on the specified IS-IS interface.

    IS-IS sends and receives reachability information and calculates routes for the IP protocols that run on the specified interface.

    You must configure the address family to run IS-IS on the specified interface.

    Options:

    • IPv4 - Uses IPv4 only

    • IPv6 - Uses IPv6 only

    • IPv4 and IPv6 - Uses IPv4 and IPv6

    Default:

    • IPv4 and IPv6

    Circuit Type

    Configures the IS-IS levels on which this IS-IS interface works.

    Usually, IS-IS interfaces works on the same levels the IS-IS router is configured to support.

    If the router supports 'Level 1' and 'Level 2', but a link uses only one of these levels, you can restrict this link to work on a single level. This decreases the protocol traffic and resource consumption.

    Note - Use this option only if the IS Type option is configured with the value "Level 1-2" (its default value). If an interface is configured to run only at 'Level 1', and the IS-IS instance only runs at 'Level 2' (or the opposite), the interface does not run IS-IS.

    Options:

    • Inherit global IS type - Uses the global value configured in the "IS Type" field

    • Level 1 only - Uses 'Level 1' only

    • Level 2 only - Uses 'Level 2' only

    Default:

    • Inherit global IS type

    Hello padding

    Configures how this IS-IS routers adds the padding in 'Hello' packets on the specified interface.

    This configuration overrides the IS-IS instance configuration for 'Hello' padding.

    IS-IS does not show what its interface MTU is in IS-IS 'Hello' packets.

    Instead, it uses 'Hello' padding to make sure that neighbors have a matching MTU before they form an adjacency.

    If the MTU between two neighbors does not match, the router with the lower MTU drops the padded 'Hello' packet as malformed and does not form an adjacency.

    Options:

    • Inherit global setting - Uses the 'Hello' padding configuration from the IS-IS instance

    • Smart - Adds padding in 'Hello' packets when a new adjacency is forming

    • Always - Always adds padding in each 'Hello' packet

    • Off - Does not add padding in 'Hello' packets

    Default:

    • Inherit global setting

    LSP interval

    Configures the minimum delay between LSP packets this IS-IS router sends on the specified interface.

    Note - The lower the configured number, the faster the IS-IS converges on IS-IS neighbors, but the higher the system load on this IS-IS router.

    Range: 33 - 4294967295 (milliseconds)

    Default: 33

    Point to point

    Configures a broadcast IS-IS interface to behave as a point-to-point IS-IS interface.

    In certain topologies, it may be advantageous to make a broadcast interface behave as if it is point-to-point.

    This prevents the overhead present on broadcast interfaces.

    Note - Use this option only if this link has exactly two IS-IS routers (including this one).

    Options:

    • Selected - This interface behaves as point-to-point

    • Cleared - This interface behaves as broadcast

    Default:

    • Cleared

    Passive Mode

    Enables (selected) or disables (cleared) passive IS-IS operation on this interface.

    When an IS-IS interface runs in passive mode, it does not send protocol packets from the specified interface, but the IP connectivity information related to the interface is still included in LSP packets the IS-IS router sends from other active IS-IS interfaces.

    This mode is ideal for stub networks.

    Note - The IS-IS router enables this mode implicitly on loopback interfaces.

    Options:

    • Selected - This interface does not send protocol packets

    • Cleared - This interface works as a normal IS-IS interface

    Default:

    • Cleared

    P2P retransmit interval

    Note - This option is available only when you select "Point to point".

    This option only applies to point-to-point interfaces.

    This option does not apply if the specified interface is not point-to-point, or is not a broadcast interface that behaves as point-to-point.

    Configures the retransmit interval for LSP packets this IS-IS routers sends over a point-to-point link.

    IS-IS requires an IS-IS router to send acknowledgments for LSP packets it receives from its neighbor over a point-to-point link.

    If this router sends an LSP and does not get this acknowledgment within the configured retransmit interval, this router sends the LSP again, until it gets an acknowledgment.

    Range: 0 - 65535 (seconds)

    Default: 5 seconds

    P2P retransmit throttle

    Note - This option is available only when you select "Point to point".

    This option applies only to point-to-point interfaces.

    This option does not apply, if the specified interface is not point-to-point, or is not a broadcast interface that behaves as point-to-point.

    Configures how frequently this IS-IS router retransmits LSP packets over a point-to-point link to its neighbor when multiple packets are waiting to be sent.

    Range: 0 - 65535 (milliseconds)

    Default: The value of the "LSP interval" parameter for this interface.

    Advertise prefix

    Enables (selected) or disables (cleared) the advertising of this interface's IPv4 prefix to this router's IS-IS neighbors.

    By default, IS-IS includes all directly connected routes on the IS-IS interfaces in its Link State PDUs.

    However, in some cases, these routes are not necessary (for example, transit links which are never used as a final destination).

    In this case, it may be advantageous to not send these prefixes in LSP packets, so the total IS-IS link state database is smaller.

    Options:

    • Selected - Sends this interface's IPv4 prefix in IS-IS LSP packets

    • Cleared - Does not send this interface's IPv4 prefix in IS-IS LSP packets

    Default:

    • Selected

    Advertise IPv6 prefix

    Note - This option is available only when IPv6 Multi-Topology is enabled (see Configuring IS-IS IPv6 Multi-Topology in Gaia Portal).

    Enables (selected) or disables (cleared) the advertising of this interface's IPv6 prefix to this router's IS-IS neighbors.

    By default, IS-IS includes all directly connected routes on the IS-IS interfaces in its Link State PDUs.

    However, in some cases, these routes are not necessary (for example, transit links which are never used as a final destination).

    In this case, it may be advantageous to not send these prefixes in LSP packets, so the total IS-IS link state database is smaller.

    Options:

    • Selected - Sends this interface's IPv6 prefix in IS-IS LSP packets

    • Cleared - Does not send this interface's IPv6 prefix in IS-IS LSP packets

    Default:

    • Selected

    IP-Reach Detection

    Enables (selected) or disables (cleared) Bidirectional Forwarding Detection (BFD) on the specified interface.

    If you enable this feature, this IS-IS router creates a BFD session on the specified interface with all IS-IS neighbors that also have BFD enabled.

    While a BFD session is active between two neighbors, the IS-IS state responds to changes in the BFD state:

    • If the BFD state change to 'Down', then the state of that IS-IS link also changes to 'Down'.

    • If one IS-IS neighbor has BFD enabled and the other neighbor does not, then these neighbors do not create a BFD session, and BFD does not have an effect on the adjacency state.

    Notes for IPv6 Multi-Topology:

    (See Configuring IS-IS IPv6 Multi-Topology in Gaia Portal.)

    • If you did not enable IPv6 Multi-Topology, then this option tries to enable BFD for all address families (IPv4, IPv6) that you configured on the specified interface.

    • If you enabled IPv6 Multi-Topology, then this option tries to enable BFD only for IS-IS neighbors that use IPv4.

    Options:

    • Selected - Enables BFD for this interface

    • Cleared - Disables BFD for this interface

    Default:

    • Cleared

    IPv6 IP-Reach Detection

    Note - This option is available only when IPv6 Multi-Topology is enabled.

    Enables (selected) or disables (cleared) Bidirectional Forwarding Detection (BFD) on the specified interface.

    If you enable this feature, this IS-IS router creates a BFD session on the specified interface with all IS-IS neighbors that also have BFD enabled.

    While a BFD session is active between two neighbors, the IS-IS state responds to changes in the BFD state:

    • If the BFD state change to 'Down', then the state of that IS-IS link also changes to 'Down'.

    • If one IS-IS neighbor has BFD enabled and the other neighbor does not, then these neighbors do not create a BFD session, and BFD does not have an effect on the adjacency state.

    Notes for IPv6 Multi-Topology:

    (See Configuring IS-IS IPv6 Multi-Topology in Gaia Portal.)

    • If you did not enable IPv6 Multi-Topology, then this option tries to enable BFD for the IPv6 address you configured on the specified interface.

    • If you enabled IPv6 Multi-Topology, then this option tries to enable BFD only for IS-IS neighbors that use IPv6.

    Options:

    • Selected - Enables BFD for this interface

    • Cleared - Disables BFD for this interface

    Default:

    • Cleared

    Mesh group

    Configures the specified interface as a member of a mesh group.

    Usually, when an IS-IS router receives an LSP on one interface, the router automatically sends this LSP from all other interfaces.

    When several IS-IS routers are connected in a tight mesh, LSP packets are flooded more than is necessary to send database updates to all IS-IS routers in the domain.

    Configuring router interfaces as members of mesh groups causes routers to send LSP packets more selectively.

    This can reduce network traffic.

    Options:

    • "Blocked"

      Does not send LSP packets from this interface.

      Warning - Use this option carefully. If enough interfaces in a mesh are blocked, some routers may not receive each LSP. As a result, these routers will have an inconsistent link state database and make routing errors.

    • An integer from 1 to 4294967295

      Configures this interface as a member of a mesh group.

      When an interface is a member of a mesh group, this IS-IS router sends LSP packets only from interfaces that are not members of the same mesh group as the interface on which the router received this LSP.

      Warning - Use this option carefully. If enough interfaces in a mesh change their state to 'Down', LSP packets do not get to all members of the domain. As a result, the database becomes inconsistent, which leads to routing errors.

    • Blank (empty)

      Disables mesh grouping for this interface.

      This IS-IS router sends all LSP packets it received on other interfaces from this interface.

      This is the default behavior.

    Option

    Description

    Hello Interval

    Configures how frequently this IS-IS router sends 'Hello' packets on the specified interface.

    This interval need not match other IS-IS routers on the link.

    Range:

    • 1 - 65535 (seconds)

    Default: One of these:

    • 10 (if you did not configure the 'Hello' hold time)

    • The configured 'Hello' hold time divided by 3 and rounded down

    Hello Holdtime

    Configures the 'Hello' hold time for the specified interface.

    The hold time determines how long other IS-IS routers wait without receiving a 'Hello' packet from this IS-IS router before they consider this router as down.

    Range:

    • 3 - 65535 (seconds)

    Default: One of these:

    • 30 (if you did not configure the 'Hello' interval)

    • The configured 'Hello' interval multiplied by 3 (maximum of 65535)

    Metric

    Configures the metric (cost) related to the specified interface.

    The metric of each link in an IS-IS topology determines the total cost of a given route to a destination.

    Configure a metric on each IS-IS interface on an IS-IS router based on how much traffic you expect this interface to pass compared to other IS-IS interfaces.

    Options:

    • The word Maximum (or maximum) - The SPF algorithm uses an infinite cost for this interface

    • 1 - 16777214 - Uses the wide metric type

    • 1 - 63 - Uses the narrow metric type

    Default:

    • The value configured as the default-metric in the IS-IS instance configuration.

    Priority

    Configures the Designated Intermediate System (DIS) priority for the specified broadcast interface.

    On broadcast IS-IS interfaces, the IS-IS router with the highest priority is automatically elected to be the DIS.

    Configure the priority value to get the desired DIS on each IS-IS link.

    Range: 0 - 127

    Default: 64

    CSNP Interval

    Note - This option applies only to broadcast interfaces.

    Configures how frequently this IS-IS router sends a CSNP from the specified interface, if this router is the Designated Intermediate System (DIS) for this link.

    Range: 0 - 65535 (seconds)

    Note - The value 0 means this router does not send CSNP packets

    Default: 10

    Authentication

    Configures IS-IS authentication for 'Hello' packets this interface sends.

    When you configure the authentication, this IS-IS routers authenticates all 'Hello' packets using the configured method.

    By default, this IS-IS router also authenticates all incoming 'Hello' packets.

    You can disable this behavior with the Gaia Clish command "authentication ignore <Packet Type> {on | off} [level {1 | 2}]" for the IS-IS instance.

    • 'Level 1' authentication applies to all 'Level 1' IS-IS 'Hello' packets sent or received on this interface.

    • 'Level 2' authentication applies to all 'Level 2' IS-IS 'Hello' packets sent or received on this interface.

    You can configure only one authentication mode per level at a time.

    Configuration of a new authentication mode removes the previous mode's configuration.

    Options:

    • None

      No authentication.

    • Simple

      Enables the simple (plaintext) authentication for IS-IS packets.

      This IS-IS router authenticates IS-IS packets using a plaintext password that is included with each IS-IS packet.

      If neighbor routers detect a mismatch in authentication, they drop the packets that have a mismatched authentication.

    • MD5

      Enables the HMAC MD5 authentication for IS-IS packets.

      IS-IS packets include an MD5 digest of the packet, based on a configured secret key (Password).

      You configure this secret on the router. The router does not send this secret in plaintext.

      As a result, this mode is more secure than the simple authentication.

      If neighbor routers detect a mismatch in authentication, they ignore the packets with a mismatched authentication.

      1. Click Add.

      2. In the Key ID field, enter the required number between 1 and 255.

      3. In the Secret field, enter the required authentication secret.

        May contain only letters, digits, and these characters: ! . , / - _ +

      By default, this IS-IS router uses the lowest configured MD5 Key ID to authenticate outgoing IS-IS packets.

      Use the "Active Key" field to change this behavior.

      The router can use any Key ID to authenticate incoming IS-IS packets.

    • Cryptographic

      Enables the cryptographic authentication for IS-IS packets.

      When using cryptographic authentication, each key-algorithm-secret triplet must match exactly on other IS-IS routers that are authenticating the same packets.

      1. Click Add.

      2. In the Key ID field, enter the required number between 1 and 255.

      3. In the Algorithm field, select the required algorithm:

        • HMAC-SHA-1

        • HMAC-SHA-256

        • HMAC-SHA-384

        • HMAC-SHA-512

      4. In the Secret field, enter the required authentication secret.

        May contain only letters, digits, and these characters: ! . , / - _ +

      By default, this IS-IS router uses the lowest configured Cryptographic key ID to authenticate outgoing IS-IS packets.

      Use the "Active Key" field to change this behavior.

      The router can use any key ID to authenticate incoming IS-IS packets.

Configuring IS-IS IPv6 Multi-Topology in Gaia Portal

The IPv6 Multi-Topology configuration allows an IS-IS router to consider IPv4 and IPv6 as separate routing domains. As a result, it is safer and easier to configure networks that have mixed support for both IPv4 and IPv6.

Important - IPv6 options in IS-IS only apply when you enable IPv6 Multi-Topology. If IPv6 Multi-Topology is disabled, IPv6 settings get their values from the non-IPv6 versions of these options, and the IPv6 options do not apply.

  1. From the left navigation tree, click Advanced Routing > IS-IS.

  2. Click Edit IPv6 Options.

  3. In the IPv6 Multi-topology field, select the applicable value.

  4. If you selected Transition or On, configure other applicable settings.

  5. To configure per-Level options:

    1. Click one of these:

      • Edit Level 1

      • Edit Level 2

    2. Configure the applicable settings.

    3. Click OK.

  6. Click Save.

Description of options:

Option

Description

IPv6 Multi-topology

Configures Multi-Topology for IPv6 unicast.

Multi-Topology maintains separate topologies for each Multi-Topology, on which it is enabled.

As a result, IS-IS runs SPF and calculates routes separately for IPv4 and IPv6.

In addition, adjacencies form as long as there is at least one common address family supported.

If you enable this feature, this IS-IS router ignores the "adjacency-check" option (as if it "off").

Options:

  • Off

    Disables Multi-Topology for IPv6.

    This IS-IS router sends only Single-Topology TLVs in LSP packets, and does not work with other routers that run in the Multi-Topology mode.

  • Transition

    Enables the Multi-Topology mode for IPv6.

    This IS-IS router sends the Single-Topology and Multi-Topology TLVs in LSP packets.

    The router creates adjacencies with Single-Topology and Multi-Topology routers, but continues to work in the Single-Topology mode.

  • On

    Enables the Multi-Topology mode for IPv6.

    This IS-IS router sends only Multi-Topology TLVs in LSP packets.

    All IS-IS routers in the area must support Multi-Topology to install IPv6 routes correctly.

Default:

  • Off

Ignore attached bit

Use this option to ignore attached bits set by level-2-connected IS-IS IPv6 routers.

By default, 'Level 1-2' IS-IS routers do not send routes from 'Level 2' to 'Level 1'.

Instead, they configure an "attached bit" in the packets they send to 'Level 1' areas.

This attached bit shows that 'Level 1' routers should install a default route to the 'Level 2' router that configured it.

In some cases, it may be necessary to ignore these attached bits, and not install a default route on 'Level 1-2' routers.

Options:

  • Selected - Does not install the default route on "attached" routers

  • Cleared - Installs the default route on "attached" neighbors

Default:

  • Cleared

Set overload bit

Enables (selected) or disables (cleared) the settings related to the overload bit for IPv6.

IS-IS routers may optionally configure an overload bit in the 'Hello' packets and LSP packets they send to other IS-IS routers.

This bit shows that the router should not be used as a transit router for routing decisions.

You can configure this bit permanently on routers that are never intended to pass traffic, except to directly connected subnets.

Options:

  • Selected - Enables the overload bit

  • Cleared - Does not enable the overload bit

Default:

  • Cleared

Option

Description

Default Metric

Configures the default metric for all IPv6 IS-IS interfaces. The interface uses this metric if you do not configure another IPv6 metric explicitly.

Note - The IPv6 metric takes effect only if in the "IPv6 Multi-topology" field, you selected "On".

Range:

  • 1 - 16777214 - Uses the wide metric type

  • 1 - 63 - Uses the narrow metric type

Default:

  • 10

SPF Delay Intervals

Configures the delay between subsequent SPF calculations.

When the information announced by an IS-IS router changes the topology, all routers in the domain must run SPF to re-create the shortest path tree.

The SPF interval determines how frequently these shortest path calculations may occur.

Note - The IPv6 SPF interval takes effect only if in the "IPv6 Multi-topology" field, you selected "On".

This option uses exponential backoff to determine the delay between events.

The delay before events after the "Second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "Max" periods, the router restores the delay to the "Initial" value.

Options:

  • Max

    Specifies the maximum interval between two events.

    • Range: 1 - 120 (seconds)

    • Default: 10

  • Initial

    Specifies the initial delay between when an event is scheduled, and when it actually takes place.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5500

  • Second

    Specifies the delay between the first event and the second event.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5500

Partial Route Calculation Delay Intervals

Configures the delay between subsequent Partial Route Calculation (PRC) events for IPv6.

This option uses an exponential backoff to determine the delay between events.

The delay before events after the "Second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "Max" periods, the router restores the delay to the "Initial" value.

Options:

  • Max

    Specifies the maximum interval between two events.

    • Range: 1 - 120 (seconds)

    • Default: 5

  • Initial

    Specifies the initial delay between when an event is scheduled, and when it actually takes place.

    • Range: 50 - 120000 (milliseconds)

    • Default: 2000

  • Second

    Specifies the delay between the first event and the second event.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5000

Restarting IS-IS

  1. From the left navigation tree, click Advanced Routing > IS-IS.

  2. In the Global Options section, click Restart IS-IS.

  3. Click OK to confirm.