Downloads |
Table Of Contents
Application Note
Using the IS-IS Attach-Bit
Control FeatureIntroduction
In Intermediate System-to-Intermediate System (IS-IS) networks, routing inter-area traffic from Layer 1 areas is accomplished by sending the traffic to the nearest Layer 1/Layer 2 router. A Layer 1/Layer 2 router identifies itself by setting an attach-bit (ATT-bit) in its Layer 1 link-state packet (LSP). In some situations, however, it might not be desirable to set the ATT-bit. For example, if there are multiple Layer 1/Layer 2 routers within a Layer 1 area and one of the Layer 1/Layer 2 routers loses its backbone connection, continuing to send inter-area traffic to this Layer 1/Layer 2 router can cause the traffic to be dropped. Cisco IOS® Software now introduces a new capability to allow network administrators to control when a Layer 1/Layer 2 router should set the ATT bit and avert dropped traffic.
Overview
In networks running hierarchical routing protocols—IS-IS or Open Shortest Path First (OSPF) Protocol, for example—it is beneficial, for redundancy purposes, to have multiple paths reach the backbone area from a local area. If one of the paths is lost to the backbone area, the other path can continue to be used for forwarding inter-area traffic. With IS-IS, routing the inter-area traffic is accomplished by sending the traffic to the closest Layer 1/Layer 2 router. Layer 1/Layer 2 routers identify themselves by setting the ATT-bit in their Layer 1 LSPs. Upon receiving an LSP with the ATT-bit set, a Layer 1 router knows that the LSP originator is a Layer 1/Layer 2 router that can be used to route inter-area traffic. When there are multiple Layer 1/Layer 2 routers in one local area, the Layer 1 routers within that local area forward inter-area traffic to the nearest Layer 1/Layer 2 router (Figure 1).
In Figure 1, the network element (NE) devices in Area 1 are acting as Layer 1 routers. They use either Rtr1 or Rtr2 Layer 1/Layer 2 routers to forward the traffic destined to areas outside of their local area. Assume all the links have equal cost. NE1 would use Rtr1 because it is closer than Rtr2. On the other hand, NE3 would use Rtr2. NE2 would perform load balancing to Rtr1 and Rtr2 because they are equidistant to NE2.
Figure 1
Sample Connectionless Network Service (CLNS) Network Topology
Issue
With the introduction of the multi-area support feature, Layer 1/Layer 2 routers can connect to multiple Layer 1 areas. This has effectively reduced the number of Layer 1/Layer 2 routers needed because multiple Layer 1 areas can share one Layer 1/Layer 2 router. On the other hand, it can complicate networks. In earlier Cisco IOS Software implementations, a Layer 1/Layer 2 router would set the ATT-bit in its Layer 1 LSP if it connects to multiple Layer 1 areas. Thus, if the backbone connection is lost, the Layer 1/Layer 2 router would still set the ATT-bit in the Layer 1 LSP. Consequently, the Layer 1 devices associated with that Layer 1/Layer 2 router would continue sending inter-area traffic to the Layer 1/Layer 2 router and cause the traffic to be dropped. For example, in Figure 1, Rtr1 has connections to two Layer 1 areas in addition to the backbone area. If the connection between Rtr1 and its upstream router were lost, Rtr1 would still set the ATT-bit in its LSP. Consequently, NE1 would still send inter-area traffic to Rtr1. However, because Rtr1 has lost its connection to the L2 area, it uses Rtr2 to route inter-area traffic. This causes the traffic to be sent back to NE1. Thus, a routing loop—an undesirable situation—is formed.
To address this problem, Cisco IOS Software implements a new capability to allow users to have greater control of setting the ATT-bit. Instead of setting the ATT-bit whenever seeing other areas, a Cisco router can now set the ATT-bit based on the criteria specified in a route map. Users can use the "match" command associated with a route map to match a Connectionless Network Service (CLNS) area address. When the specified area address is not found in the CLNS routing table, the "match" condition fails, the route map is said to "not be satisfied," and the ATT-bit will not be set. A complete configuration example will be discussed in the "Feature Usage Examples" section.
Command Syntax
This new command is configured under "router isis <name>". It enables the ATT-bit control capability.
router(config-router)#set-attach-bit route-map <map name>
Here is an example of a route map.
!clns filter-set BB_Area_Address permit 39.0000!route-map <map name> permit 10match clns address BB_Area_Address!Benefit
This procedure provides more control over setting the ATT-bit to avert the dropping of packets.
Feature Usage Examples
Example 1
A lab example demonstrates how this new feature is used (Figure 2).
Figure 2
Sample CLNS Network Topology
In Figure 2, 72-R1 and 72-R2 are the Layer 1/Layer 2 boundary routers connecting to multiple Layer 1 areas—Area 1 and Area 2—as well as the backbone area. The area addresses are 39.0001, 39.0002, and 39.0000 for Area 1, Area 2, and the backbone area, respectively. Routers 72-R1 and 72-R2 have the ATT-bit set. To reach Router 75-R1 in the backbone area, 26-R1 uses the 72-R1 L1/L2 router because it is closer than 72-R2. Similarly, 26-R2 uses the 72-R2 L1/L2 router. Router 72-e can use either 72-R1 or 72-R2 because 72-e is equidistant to each. We can observe this by the following traceroute output.
(Note: The last two octets of the system ID of the routers in Figure 2 are meant to represent the router's name; that is, 72-R1 has "7201" as the last two octets in its system ID, and 72-R2 has "7202.")
2600-R1#traceroute 39.0000.0000.0000.7500.00Type escape sequence to abort.Tracing the route to 39.0000.0000.0000.7500.001 39.0001.0000.0000.7201.00 0 msec ! 0 msec ! 0 msec !2 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !2600-R1#2600-R2#traceroute 39.0000.0000.0000.7500.00Type escape sequence to abort.Tracing the route to 39.0000.0000.0000.7500.001 39.0001.0000.0000.7202.00 0 msec ! 0 msec ! 0 msec !2 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !pf1-72e#traceroute 39.0000.0000.0000.7500.00Type escape sequence to abort.Tracing the route to 39.0000.0000.0000.7500.001 39.0001.0000.0000.2602.00 0 msec !39.0001.0000.0000.2601.00 0 msec !39.0001.0000.0000.2602.00 0 msec !2 39.0001.0000.0000.7201.00 0 msec !39.0001.0000.0000.7202.00 0 msec !39.0001.0000.0000.7201.00 0 msec !3 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !The ATT-bit setting can be observed by "show isis database" output.
72-R1#sh isis databaseArea Area1:IS-IS Level-1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL2600-R1.00-00 0x0000007A 0x7861 1127 0/0/02600-R1.01-00 0x00000079 0x3DDC 412 0/0/02600-R1.02-00 0x00000079 0xD14B 782 0/0/02600-R2.00-00 0x0000007D 0x6DC7 855 0/0/072-R1.00-00 * 0x00000078 0xF855 888 1/0/072-R2.00-00 0x0000007C 0x6791 567 1/0/072-R2.01-00 0x00000005 0x0DE8 732 0/0/072-R2.02-00 0x00000077 0x01CC 597 0/0/0pf1-72e.00-00 0x00000008 0x03CD 584 0/0/0pf1-72e.02-00 0x00000006 0xF347 972 0/0/0IS-IS Level-2 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x00000079 0x4B7D 883 0/0/072-R1.01-00 * 0x00000001 0xBBC6 883 0/0/072-R1.02-00 * 0x00000076 0x8A83 679 0/0/072-R2.00-00 0x00000079 0x4EB8 1049 0/0/072-R2.01-00 0x00000078 0xD236 1035 0/0/075-R1.00-00 0x000000A8 0xB91E 880 0/0/0Area Area2:IS-IS Level-1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x00000075 0x4DCF 330 1/0/072-R1#To trigger the issue discussed earlier, we will shut down the interface between 72-R1 and 75-R1, which simulates the loss of backbone connection. Because 72-R1 still sees two area addresses—39.0001 and 39.0002—it would still set the ATT-bit. We can observe this in the following show output.
72-R1#conf tEnter configuration commands, one per line. End with CNTL/Z.72-R1(config)#int e2/172-R1(config-if)#sh72-R1(config-if)#shutdown72-R1(config-if)#1d07h: %LINK-5-CHANGED: Interface Ethernet2/1, changed state to administratively down1d07h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet2/1, changed state to down72-R1(config-if)#end72-R1#sh i1d07h: %SYS-5-CONFIG_I: Configured from console by console72-R1#sh isis da72-R1#sh isis database 72-R1.00-00Area Area1:IS-IS Level-1 LSP 72-R1.00-00LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x00000079 0xC295 1174 1/0/0IS-IS Level-2 LSP 72-R1.00-00LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x0000007A 0xC210 1174 0/0/0Area Area2:IS-IS Level-1 LSP 72-R1.00-00LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x00000076 0x4BD0 739 1/0/072-R1#Now use the traceroute command again from 26-R1 to 75-R1.
2600-R1#traceroute 39.0000.0000.0000.7500.00Type escape sequence to abort.Tracing the route to 39.0000.0000.0000.7500.001 39.0001.0000.0000.7201.00 4 msec ! 0 msec ! 0 msec !2 39.0001.0000.0000.2601.00 0 msec ! 0 msec ! 0 msec !3 39.0001.0000.0000.7201.00 0 msec ! 0 msec ! 0 msec !4 39.0001.0000.0000.2601.00 0 msec ! 0 msec ! 0 msec !5 39.0001.0000.0000.7201.00 0 msec ! 0 msec ! 0 msec !6 39.0001.0000.0000.2601.00 0 msec ! 0 msec ! 0 msec !7 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !8 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !9 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !10 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !11 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !12 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !13 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !14 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !15 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 4 msec !16 39.0001.0000.0000.2601.00 4 msec ! 8 msec ! 4 msec !17 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !18 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !19 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !20 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !21 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !22 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !23 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !24 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !25 39.0001.0000.0000.7201.00 12 msec ! 12 msec ! 12 msec !26 39.0001.0000.0000.2601.00 12 msec ! 12 msec ! 12 msec !27 39.0001.0000.0000.7201.00 12 msec ! 12 msec ! 12 msec !28 39.0001.0000.0000.2601.00 12 msec ! 12 msec ! 12 msec !29 39.0001.0000.0000.7201.00 12 msec ! 12 msec ! 12 msec !30 39.0001.0000.0000.2601.00 12 msec ! 12 msec ! 12 msec !2600-R1#The packets are looping between 26-R1 and 72-R1.
To address this issue, we will apply the ATT-bit control capability on 72-R1. We add the following configuration to 72-R1.
!clns filter-set BB_Area_Address permit 39.0000!router isis Area1net 39.0001.0000.0000.7201.00set-attached-bit route-map Is_BB_Connection_Up!route-map Is_BB_Connection_Up permit 10match clns address BB_Area_Address!With the configuration above, 72-R1 sets the ATT-bit only if the "Is_BB_Connection_Up" route map is satisfied. The route map is satisfied only if the "39.0000" backbone area address is in the Layer 2 CLNS routing table. Because 72-R1 has lost the connection to the backbone area, it would not have the "39.0000" area address in its Layer 2 CLNS routing table. Thus, the route map is not satisfied, and 72-R1 should no longer set the ATT-bit. The following output shows the ATT-bit from 72-R1 is not set after applying the configuration above.
72-R1#sh isis databaseArea Area1:IS-IS Level-1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL2600-R1.00-00 0x0000007B 0x7662 398 0/0/02600-R1.01-00 0x0000007C 0x37DF 1197 0/0/02600-R1.02-00 0x0000007B 0xCD4D 868 0/0/02600-R2.00-00 0x0000007F 0x69C9 769 0/0/072-R1.00-00 * 0x00000083 0xA6AF 1196 0/0/072-R1.01-00 * 0x00000004 0x09EF 1185 0/0/072-R2.00-00 0x0000007E 0x6393 611 1/0/072-R2.01-00 0x00000007 0x09EA 708 0/0/072-R2.02-00 0x00000079 0xFCCE 594 0/0/0pf1-72e.00-00 0x0000000A 0xFECF 621 0/0/0pf1-72e.02-00 0x00000008 0xEF49 926 0/0/0IS-IS Level-2 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x0000007F 0xB815 1183 0/0/072-R1.01-00 * 0x00000007 0x700E 1184 0/0/072-R1.02-00 * 0x00000079 0x8486 1094 0/0/072-R2.00-00 0x0000007B 0x4ABA 1151 0/0/072-R2.01-00 0x0000007A 0xCE38 988 0/0/075-R1.00-00 0x000000AF 0xAB25 1142 0/0/0Area Area2:IS-IS Level-1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL72-R1.00-00 * 0x00000001 0x365B 1099 1/0/0We will repeat the traceroute from 26-R1.
2600-R1#traceroute 39.0000.0000.0000.7500.00Type escape sequence to abort.Tracing the route to 39.0000.0000.0000.7500.001 39.0001.0000.0000.7205.00 0 msec ! 0 msec ! 0 msec !2 39.0001.0000.0000.2602.00 0 msec ! 0 msec ! 0 msec !3 39.0001.0000.0000.7202.00 0 msec ! 0 msec ! 0 msec !4 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !We see that the traffic now uses 72-R2 to reach the backbone 75-R1. The issue is resolved.
Example 2
The ATT-bit control feature can also be used in more complex networks. In this example, we will discuss how to use the ATT-bit control feature to deal with the failure of the backbone connection occurring on an upstream router of a Layer 1/Layer 2 router and not on the Layer 1/Layer 2 router itself (Figure 3).
Figure 3
CLNS Network with Multi-area Connecting to Backbone via A Layer 2 Router
The only direct connection from Rtr1 to the rest of backbone area is via the link between itself to Rtr2. When the link fails, Rtr1 loses the connection to the backbone. The two L1/L2 routers connecting to Rtr1 L2 in Area 1 and Area 2 still have the backbone area address, 39.0000. This is because they still have a Layer 2 adjacency to Rtr1 L2 and Rtr1 is part of the 39.0000 area. Thus, the two L1/L2 routers would still set the ATT-bit in the Layer 1 LSP to the local area. As a result, the inter-area traffic from each local area will still send to the two L1/L2 routers, then to Rtr1 L2, and finally drop by Rtr1 L2.
Thus, we cannot just use the 39.0000 area address to satisfy the route map because the Layer 1/Layer 2 routers will still have the 39.0000 area address in their routing tables. Instead, we can create another area address in the backbone area as a "beacon" area address and use it to satisfy the route map (Figure 4).
Figure 4
Using ATT-bit Control with Beacon Area To Avoid Potential Routing Blackhole
This beacon address should be set somewhere behind Rtr1 L2. The idea is that if L2 Rtr1 loses its connection to the backbone, the "beacon" area address is also lost. In turn, so would the two L1/L2 routers. With this setup, when L2 Rtr1 loses its backbone connection, the two L1/L2 routers will clear the ATT-bit. The inter-area traffic from each local area will then use the other L1/L2 router.
The configuration would look like this:
On Rtr2:!router isis Backbone_Areanet 39.0000.xxxx.xxxx.xxxx.xxnet 39.9999.xxxx.xxxx.xxxx.xx ! Beacon area address!On the L1/L2 routers connecting to Rtr1!clns filter-set Beacon_Area_Address permit 39.9999!router isis Area1net 39.0001.xxxx.xxxx.xxxx.xxset-attached-bit route-map Is_BB_Connection_Up!route-map Is_BB_Connection_Up permit 10match clns address Beacon_Area_Address!Software
•
Cisco IOS Software Release 12.2(4)T
Reference
•
