Professional Documents
Culture Documents
01-08 IPv6 Is-Is Configuration
01-08 IPv6 Is-Is Configuration
01-08 IPv6 Is-Is Configuration
Ethernet Switches
Configuration Guide - IP Unicast Routing 8 IPv6 IS-IS Configuration
Purpose
IS-IS is a dynamic routing protocol initially designed by the International
Organization for Standardization (ISO) for its Connectionless Network Protocol
(CLNP).
To support IP routing, the Internet Engineering Task Force (IETF) extended and
modified IS-IS in RFC 1195. This modification enables IS-IS to apply to TCP/IP and
OSI environments. This type of IS-IS is called Integrated IS-IS or Dual IS-IS.
NOTE
IS-IS stated in this document refers to Integrated IS-IS, unless otherwise stated.
Licensing Requirements
IPv6 IS-IS is a basic feature of a switch and is not under license control.
NOTE
For details about software mappings, visit Info-Finder and search for the desired product
model.
Feature Limitations
None.
IS-IS Disabled
DIS priority 64
Pre-configuration Tasks
Before configuring basic IPv6 IS-IS functions, complete the following tasks:
Configuration Procedure
1. Create an IS-IS process.
2. Configure a network entity title (NET).
3. Configure a device level.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
An IS-IS process is created, and the IS-IS process view is displayed.
The process-id parameter specifies the ID of an IS-IS process. The default process
ID is 1.
Step 3 (Optional) Run description description
A description for the IS-IS process is configured.
Step 4 (Optional) Enable IS-IS to add the POI and hostname TLV to Purge LSPs.
Run purge-originator-identification enable [ always ]
IS-IS is enabled to determine whether to add the POI TLV and hostname TLV to
Purge LSPs based on the authentication configuration.
● If the purge-originator-identification enable command is run and any
authentication is configured, generated Purge LSPs do not carry the POI TLV
or hostname TLV.
● If the purge-originator-identification enable command is run and no
authentication is configured, generated Purge LSPs carry the POI TLV or
hostname TLV.
● If the purge-originator-identification enable always command is run,
generated Purge LSPs carry the POI TLV and hostname TLV, regardless of
whether authentication is configured.
----End
Therefore, a maximum of three NETs can be configured for an IS-IS process. When
configuring multiple NETs, ensure that their system IDs are the same.
IS-IS can run on an IPv6 topology only when IPv6 is enabled on an IS-IS process.
Procedure
Step 1 Run system-view
A NET is configured.
NOTE
----End
Context
Configure a device level according to network planning requirements:
● A Level-1 device can establish neighbor relationships with only Level-1 and
Level-1-2 routers in the same area and maintains only Level-1 LSDBs.
● A Level-2 device can establish neighbor relationship with Level-2 routers in
the same area or different areas and with Level-1-2 routers in different areas
and maintain only Level-2 LSDB.
● A Level-1-2 device can establish neighbor relationships with Level-1 and
Level-2 routers and maintain Level-1 and Level-2 LSDBs.
NOTICE
If the levels of IS-IS devices are changed during network operation, the IS-IS
process will be restarted, and IS-IS neighbor relationships will be disconnected.
Setting the levels of devices when configuring IS-IS is recommended.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
The IS-IS process view is displayed.
Step 3 Run is-level { level-1 | level-1-2 | level-2 }
A level is configured for the switch.
By default, the level of the switch is Level-1-2.
----End
Procedure
● Establish an IS-IS neighbor relationship on a broadcast link.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
NOTE
Changing the level of an IS-IS interface is valid only when the level of the IS-IS
device is Level-1-2. If the level of the device is not Level-1-2, the level of the
device determines the level of the established neighbor relationship.
g. (Optional) Run isis dis-priority priority [ level-1 | level-2 ]
A DIS priority is set for the interface. A larger value indicates a higher
priority.
NOTE
NOTE
This command applies only to PPP interfaces and is invalid for other P2P
interfaces.
After this command is run, the OSICP negotiation status of a PPP interface
affects the status of an IS-IS interface. When PPP detects that the OSI network
fails, the link status of the IS-IS interface goes Down, and the routes of the
network segment where the interface resides are not advertised through LSPs.
----End
Pre-configuration Tasks
Before improving IS-IS network security, configure basic IPv6 IS-IS functions.
Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the IPv6 IS-IS Network Security Optimization Configuration) in any sequence.
NOTICE
If plain is selected during the configuration of the authentication mode for the IS-
IS interface, the password is saved in the configuration file in plain text. This
brings security risks. It is recommended that you select cipher to save the
password in cipher text.
Simple authentication and MD5 authentication have potential security risks.
HMAC-SHA256 authentication mode is recommended.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
Step 4 Run any of the following commands to configure an authentication mode for the
IS-IS interface as required:
● Run isis authentication-mode simple { plain plain-text | [ cipher ] plain-
cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]
Simple authentication is configured for the IS-IS interface.
● Run isis authentication-mode md5 { plain plain-text | [ cipher ] plain-
cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]
MD5 authentication is configured for the IS-IS interface.
● Run isis authentication-mode hmac-sha256 key-id key-id { plain plain-text |
[ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ send-only ]
HMAC-SHA256 authentication is configured for the IS-IS interface.
● Run isis authentication-mode keychain keychain-name [ level-1 | level-2 ]
[ send-only ]
The Keychain authentication is configured for the IS-IS interface.
By default, an IS-IS interface does not authenticate received Hello packets and no
authentication password is configured on the interface.
NOTE
----End
NOTICE
NOTE
When configuring IS-IS authentication, the area or domain authentication modes and
passwords of the routers in the same area must be consistent so that IS-IS packets can be
flooded normally.
Whether IS-IS packets can pass area or domain authentication does not affect the
establishment of Level-1 or Level-2 neighbor relationships.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
The IS-IS process view is displayed.
Step 3 Perform the following operations in any sequence as required.
● Run area-authentication-mode { { simple | md5 } { plain plain-text |
[ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name | hmac-
sha256 key-id key-id } [ snp-packet { authentication-avoid | send-only } |
all-send-only ]
The area authentication mode is configured.
By default, the system neither encapsulates generated Level-1 packets with
authentication information nor authenticates received Level-1 packets.
● Run domain-authentication-mode { { simple | md5 } { plain plain-text |
[ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name | hmac-
sha256 key-id key-id } [ snp-packet { authentication-avoid | send-only } |
all-send-only ]
The domain authentication mode is configured.
By default, the system neither encapsulates generated Level-2 packets with
authentication information nor authenticates received Level-2 packets.
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support keychain keychain-name.
The authentication involves the following situations:
● The device encapsulates the authentication mode into LSPs and SNPs to be sent and
checks whether the received packets pass authentication. Then, the device discards the
packets that do not pass the authentication. In this case, the parameter snp-packet or
all-send-only is not specified.
● The device encapsulates authentication information into LSPs to be sent and checks
whether the received LSPs pass the authentication; the device neither encapsulates the
SNPs to be sent with authentication information nor checks whether the received SNPs
pass the authentication. In this case, the parameter snp-packet authentication-avoid
needs to be specified.
● The device encapsulates the LSPs and SNPs to be sent with authentication information;
the device, however, checks the authentication mode of only the received LSPs rather
than the received SNPs. In this case, the parameter snp-packet send-only needs to be
specified.
● The device encapsulates the LSPs and SNPs to be sent with authentication information,
but does not check whether the received LSPs or SNPs pass the authentication. In this
case, the parameter all-send-only needs to be specified.
----End
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis
An IS-IS process is created and the IS-IS view is displayed.
Step 3 Run optional-checksum enable
IS-IS optional checksum is enabled.
NOTE
----End
Pre-configuration Tasks
Before configuring IS-IS route selection, configure basic IPv6 IS-IS functions.
Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the IPv6 IS-IS Route Selection Control Configuration) in any sequence.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
The IS-IS view is displayed.
The default IS-IS IPv6 route preference value is 15. A smaller preference value
indicates a higher preference.
----End
If no cost is configured for an IS-IS interface, the IS-IS interface uses the default
cost 10 and cost style narrow.
NOTICE
If you need to change the cost style of IS-IS devices, change it during the
configuration of basic IS-IS functions is recommended. If the cost style of IS-IS
devices is changed during network operation, the IS-IS process will be restarted,
and the neighbor relationship will be re-established.
Procedure
Step 1 Configure an IS-IS cost style.
1. Run system-view
By default, the cost style of routes received and sent by an IS-IS device is
narrow.
The cost range of an interface and a route received by the interface vary with the
cost type.
● If the cost style is narrow, the cost of an interface ranges from 1 to 63. The
maximum cost of a route received by the interface is 1023.
● If the cost style is narrow-compatible or compatible, the cost of an interface
ranges from 1 to 63. The cost of a received route is related to relax-spf-limit.
● If the cost style is wide-compatible or wide, the cost of the interface ranges
from 1 to 16777215. When the cost is 16777215, the neighbor TLV generated
on the link cannot be used for route calculation but for the transmission of TE
information. The maximum cost of a received route is 0xFFFFFFFF.
Step 2 Configure a cost for an IS-IS interface on an IPv6 network.
Perform any of the following operations as required:
Configure a cost for a specified IS-IS interface on an IPv6 network.
1. Run system-view
The system view is displayed.
2. Run interface interface-type interface-number
The interface view is displayed.
3. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
NOTE
You can configure the parameter maximum only when the IS-IS cost style is wide or wide-
compatible.
Configure a global IS-IS interface cost on an IPv6 network.
1. Run system-view
The system view is displayed.
2. Run isis [ process-id ]
The IS-IS view is displayed.
3. Run ipv6 circuit-cost { cost | maximum } [ level-1 | level-2 ]
A global IS-IS interface cost on an IPv6 network is configured.
By default, no global cost is configured.
Enable IS-IS interfaces to automatically calculate their costs on an IPv6
network.
1. Run system-view
The system view is displayed.
2. Run isis [ process-id ]
The IS-IS view is displayed.
Table 8-3 Mapping between IS-IS interface costs and interface bandwidth
----End
Procedure
● Configure load balancing among equal-cost IS-IS routes.
a. Run system-view
NOTE
When the number of equal-cost routes is larger than the value specified in the
ipv6 maximum load-balancing command, valid routes are selected for load
balancing based on the following criteria:
1. Route preference: Routes with higher preferences are selected for load
balancing.
2. Next hop system ID: If routes have the same preference, routes with smaller
system IDs are selected for load balancing.
3. Interface index: If routes have the same preference and system ID, routes with
lower interface index values are selected for load balancing.
----End
Procedure
● Specify IS-IS IPv6 routes in the Level-2 area and other Level-1 areas that can
be leaked into the local Level-1 area.
a. Run system-view
IS-IS IPv6 routes in the Level-2 area and other Level-1 areas that meet
the specified conditions are leaked into the local Level-1 area.
By default, IS-IS IPv6 routes in the Level-2 area are not leaked into
Level-1 areas.
NOTE
IS-IS IPv6 routes that meet the specified conditions in Level-1 areas are
leaked into the Level-2 area.
NOTE
----End
Context
As defined in the IS-IS protocol, if a Level-1-2 device reaches more areas through a
Level-2 area than through a Level-1 area based on the link state database (LSDB),
the Level-1-2 device sets the ATT bit to 1 in the LSPs and sends the LSPs with the
ATT bit 1 to the Level-1 device. Upon receipt, the Level-1 device generates a
default route destined for the Level-1-2 device.
The preceding rules are used by default. You can set the ATT bit as required on a
live network.
Procedure
Step 1 Run system-view
----End
Procedure
● Run the display isis route [ process-id | vpn-instance vpn-instance-name ]
ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] *
command to check IS-IS routing information.
● Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-
name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ]
command to check information in the IS-IS LSDB.
----End
Pre-configuration Tasks
Before controlling IS-IS route exchange, configure basic IPv6 IS-IS functions.
Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the IPv6 IS-IS Route Exchange Control Configuration) in any sequence.
Configuring a static default route can also allow all the traffic to be first forwarded to a
border device, which then forwards the traffic outside an IS-IS routing domain. However,
this method leads to heavy workload in configuration and management when a large
number of devices are deployed on the network.
In addition, advertising default routes using IS-IS is flexible. If multiple border devices are
deployed, a routing policy can be configured to allow only the border device that meets the
specified conditions to advertise a default route, preventing routing blackholes.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run ipv6 default-route-advertise [ always | match default | route-policy route-
policy-name ] [ cost cost | tag tag | [ level-1 | level-1-2 | level-2 ] ] * [ avoid-
learning ]
IS-IS is configured to advertise a default IPv6 route.
By default, IS-IS does not advertise a default route.
----End
Procedure
Step 1 Run system-view
IS-IS will advertise all imported external routes to the IS-IS routing domain by default.
----End
Context
When the local IS-IS device advertises imported external routes to other IS-IS
devices, routing policies can be configured to advertise only the external routes
that meet specified conditions if these devices do not require all the imported
external routes.
Procedure
Step 1 Run system-view
----End
Context
Only routes in an IPv6 routing table can be used to forward IPv6 packets. An IS-IS
route can take effect only after this IS-IS route has been successfully added to an
IPv6 routing table.
If an IS-IS route does not need to be added to a routing table, specify conditions,
such as IPv6 prefix, and routing policy, to filter the route. IS-IS routes that do not
meet the specified conditions cannot be added to the IPv6 routing table and
cannot be selected to forward IPv6 packets.
Procedure
Step 1 Run system-view
----End
Procedure
● Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-
name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ]
command to check IS-IS LSDB information.
● Run the display isis route [ process-id | vpn-instance vpn-instance-name ]
ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] *
command to check IS-IS routing information.
● Run the display ipv6 routing-table command to check the IPv6 routing table.
----End
Pre-configuration Tasks
Before configuring IS-IS route summarization, configures basic IPv6 IS-IS
functions.
Procedure
Step 1 Run system-view
The specified IPv6 IS-IS routes are summarized into one IS-IS route.
NOTE
After route summarization is configured on a device, the local routing table still contains all
specific routes before the summarization. The routing tables on other devices contain only
the summary route, and the summary route is deleted only after all its specific routes are
deleted.
----End
Pre-configuration Tasks
Before configuring IS-IS route convergence, configure basic IPv6 IS-IS functions.
Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the IPv6 IS-IS Route Convergence Control Configuration) in any sequence.
Context
IS-IS maintains neighbor relationships by sending and receiving Hello packets. If
the local device does not receive Hello packets from its neighbor within a specified
period, the device considers the neighbor Down.
In IS-IS, you can set the interval for sending Hello packets and the holding
multiplier of neighboring devices to control the holdtime of neighbor relationships
between the local device and neighbors.
● If the interval for sending Hello packets is too short, more system resources
are consumed to send Hello packets, causing a heavy CPU load.
● If the holdtime of neighboring devices is too long, the local device needs to
spend much time detecting the failure of neighbors, slowing down IS-IS route
convergence. If the holdtime of neighboring devices is too short, some Hello
packets may be lost or become incorrect because of network transmission
delay and errors. This will cause neighbor relationships to frequently alternate
between Up and Down and lead to route flapping on the IS-IS network.
NOTE
You are advised to set the same interval for sending Hello packets and same holding
multiplier of neighboring devices on all the devices on the IS-IS network. This method
prevents IS-IS route convergence from being slowed down when some devices detect
link failures at a lower speed than other devices.
Procedure
● Configure an interval for sending Hello packets.
a. Run system-view
NOTE
NOTE
NOTE
NOTE
----End
LSP fast Control When an IS-IS switch receives new LSPs from other
flooding the switches, it updates the LSPs in the local LSDB and
number of periodically floods out the updated LSPs according
LSPs to a timer. LSP fast flooding updates the preceding
flooded method. When a device configured with LSP fast
each time flooding receives one or more new LSPs, it floods
on an out the LSPs with a number smaller than the
interface specified number before calculating routes. This
to speed speeds up LSDB synchronization.
up IS-IS
network
convergen
ce.
Procedure
● Set a maximum length for LSPs.
a. Run system-view
The system view is displayed.
b. Run isis [ process-id ]
The IS-IS view is displayed.
c. Set a maximum length for LSPs.
NOTE
Ensure that the value of max-size for LSPs to be generated must be smaller than
or equal to the value of max-size for LSPs to be received.
The value of max-size set through the lsp-length command must meet the
following requirements; otherwise, the MTU status on the interface is considered
Down.
● The MTU of an Ethernet interface must be greater than or equal to the sum
of the value of max-size and 3.
● The MTU of a P2P interface must be greater than or equal to the value of
max-size.
● Set a maximum lifetime for LSPs.
a. Run system-view
The system view is displayed.
b. Run isis [ process-id ]
The IS-IS view is displayed.
c. Run timer lsp-max-age age-time
A maximum lifetime is set for LSPs.
By default, the maximum lifetime of LSPs is 1200 seconds.
● Set a refresh interval for LSPs.
a. Run system-view
The system view is displayed.
b. Run isis [ process-id ]
The IS-IS view is displayed.
c. Run timer lsp-refresh refresh-time
A refresh interval is set for LSPs.
By default, the LSP refresh interval is 900s.
NOTE
Ensure that the LSP refresh interval is more than 300s shorter than the maximum
LSP lifetime. This allows new LSPs to reach all devices in an area before existing
LSPs expire.
The larger a network, the greater the deviation between the LSP refresh interval
and the maximum LSP lifetime.
● Set a minimum interval at which LSPs are sent.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
greater than the value of lsp-count, lsp-count takes effect. If the number
of LSPs to be sent is smaller than the value of lsp-count, LSPs of the
actual number are sent. If a timer is configured and the configured timer
does not expire before the route calculation, the LSPs are flooded
immediately when being received; otherwise, the LSPs are sent when the
timer expires.
When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast
flooded by default if no level is specified.
● Set an interval at which LSPs are retransmitted over a P2P link.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
NOTE
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
NOTE
----End
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run timer spf max-interval [ init-interval [ incr-interval ] ]
An SPF intelligent timer is configured.
By default, no SPF intelligent timer is configured and the maximum delay in SPF
calculation is 5 seconds.
----End
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
The IS-IS view is displayed.
Step 3 Run ipv6 prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ipv6-
prefix prefix-name | tag tag-value }
Convergence priorities are set for IS-IS routes.
By default, the convergence priority of 32-bit host routes is medium, and the
convergence priority of the other IS-IS routes is low.
NOTE
----End
Procedure
● Run the display isis interface [ verbose ] [ process-id | vpn-instance vpn-
instance-name ] command to check IS-IS packet information.
● Run the display isis route [ process-id | vpn-instance vpn-instance-name ]
ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] *
command to check IS-IS route information.
----End
Pre-configuration Tasks
Before configuring LSP fragment extension, configure basic IPv6 IS-IS functions.
NOTE
When a new device connects to an IS-IS network, you are advised to configure LSP
fragment extension and virtual systems before establishing IS-IS neighbors or importing
routes. If you establish IS-IS neighbors or import routes, which causes IS-IS to carry much
information that cannot be loaded through 256 fragments, you must configure LSP
fragment extension and virtual systems. The configurations, however, take effect only after
you restart the IS-IS process.
Procedure
Step 1 Run system-view
NOTE
If there are devices of other manufacturers on the network, LSP fragment extension must
be set to mode-1. Otherwise, devices of other manufacturers cannot identify LSPs.
----End
Pre-configuration Tasks
Before configuring a mesh group, configure basic IPv6 IS-IS functions.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
----End
Pre-configuration Tasks
Before configuring IS-IS reliability, configure basic IPv6 IS-IS functions.
Configuration Procedure
You can perform the following configuration tasks in any sequence as required.
Context
The switch supports dynamic BFD for IPv6 IS-IS, but not static BFD for IPv6 IS-IS.
Without BFD, connection status between an IS-IS device and its neighbors can be
monitored only by exchanging Hello packets at intervals. The minimum allowable
sending interval is 3s, and a neighbor is declared Down after at least three
intervals during which no response Hello packet is received from the neighbor. IS-
IS takes more than one second to detect that a neighbor becomes Down, resulting
in loss of a large amount of high-speed data.
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S BFD for IS-IS.
Pre-configuration Tasks
Before configuring dynamic BFD for IPv6 IS-IS, complete the following tasks:
● Configure IPv6 addresses for interfaces to ensure that neighbor nodes are
reachable.
● Configure IPv6 IS-IS functions to ensure that each node is reachable at the
network layer.
Configuration Roadmap
The configuration roadmap is as follows:
No. Data
You can use either of the following methods to enable BFD for IPv6 IS-IS:
● Enable dynamic BFD for specified IS-IS IPv6 processes. This method is
recommended if you need to enable dynamic BFD for IPv6 IS-IS on a large
number of IS-IS interfaces.
● Enable dynamic BFD for specified IPv6 interfaces. This method is
recommended if you need to enable dynamic BFD for IPv6 IS-IS on a small
number of IS-IS interfaces.
Procedure
● Enable dynamic BFD for an IS-IS IPv6 process.
a. Run system-view
The system view is displayed.
b. Run bfd
BFD is enabled globally.
c. Run quit
The system view is displayed.
d. Run isis process-id
The IS-IS view is displayed.
e. Run ipv6 bfd all-interfaces enable
BFD for IS-IS is enabled.
After BFD is enabled globally and the neighbor status is Up, default BFD
parameters will be used to establish BFD sessions on all interfaces.
f. (Optional) Run ipv6 bfd all-interfaces { min-rx-interval receive-interval
| min-tx-interval transmit-interval | detect-multiplier multiplier-value } *
The parameters for establishing BFD sessions are set for all interfaces.
The command execution result is applicable to BFD session parameters
on all IS-IS interfaces.
g. Run quit
The system view is displayed.
To disable the BFD function on an interface, run the isis ipv6 bfd block
command in the interface view to disable the interface from establishing
BFD sessions.
● Enable dynamic BFD on an IS-IS IPv6 interface.
a. Run system-view
The system view is displayed.
b. Run bfd
BFD is enabled globally.
c. Run quit
The system view is displayed.
d. Run interface interface-type interface-number
The view of the specified interface is displayed.
e. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
NOTE
----End
Pre-configuration Tasks
Before configuring the overload bit for an IS-IS device, configure basic IPv6 IS-IS
functions.
Procedure
Step 1 Run system-view
----End
Context
To reset IS-IS, reset IS-IS data structure, neighbor relationship and packets
NOTICE
The IS-IS data structure cannot be restored after you reset it. All the previous
structure information and the neighbor relationship are reset. Exercise caution
when running this command.
The specified IS-IS neighbor relationship is deleted after you reset a specified IS-IS
neighbor. Exercise caution when running this command.
Procedure
● Reset IS-IS data structure.
----End
Context
The administrator can improve the maintainability of IS-IS using either of the
following methods:
● Configuring IS-IS host name mapping: Through this function, the
administrator can use a simple name to replace the system ID. After IS-IS host
name mapping is configured, the dynamic name is displayed in the IS-IS
information to replace the system ID when the display command is executed.
This improves the maintainability of IS-IS networks.
● Configuring IS-IS to add the POI TLV to a PURGE packet: When the value of
the Remaining Lifetime field in an LSP packet is 0, this packet is invalid and
called a PURGE packet. PURGE packets do not record information about the
devices generating these packets. Therefore, when a network is faulty, the
packet source cannot be located. To solve this problem, IS-IS can be
configured to add the POI TLV to a PURGE packet so that the PURGE packet
contains information about its generating device. If the dynamic host name
function is configured locally, the host name TLV is also added to the PURGE
packet to facilitate fault location.
Procedure
Step 1 Run system-view
----End
Context
On an IS-IS network, neighbor flapping will result in network instability and
frequent network convergence. This will consume lots of memory and may even
cause user traffic loss. Therefore, neighbor flapping needs to be rapidly located
and solved.
To rapidly locate problems in the case of neighbor flapping, enable the output of
IS-IS adjacency changes to log these changes.
If the local terminal monitor is enabled and the output of the IS-IS adjacency
status is enabled, IS-IS adjacency changes will be output to the router until the
output of the adjacency status is disabled.
Procedure
Step 1 Run system-view
----End
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv6 addresses on interfaces of each switch so that the switches can
be interconnected.
Procedure
Step 1 Configure VLANs that interfaces belong to.
# Configure SwitchA. Ensure that the configurations of SwitchB, SwitchC, and
SwitchD are the same as the configuration of SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
Step 2 Enable the capability of IPv6 forwarding and configure IPv6 address for each
interface.
# Configure SwitchA. Ensure that the configurations of SwitchB, SwitchC, and
SwitchD are the same as the configuration of SwitchA.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address fc00:0:0:10::2/64
[SwitchA-Vlanif10] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] ipv6 enable
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis ipv6 enable 1
[SwitchB-Vlanif20] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] ipv6 enable
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis ipv6 enable 1
[SwitchC-Vlanif10] quit
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] isis ipv6 enable 1
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] isis ipv6 enable 1
[SwitchC-Vlanif30] isis circuit-level level-2
[SwitchC-Vlanif30] quit
# Configure SwitchD.
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] ipv6 enable
[SwitchD-isis-1] quit
[SwitchD] interface vlanif 30
[SwitchD-Vlanif30] isis ipv6 enable 1
[SwitchD-Vlanif30] quit
[SwitchD] interface vlanif40
[SwitchD-Vlanif40] isis ipv6 enable 1
[SwitchD-Vlanif40] quit
Local MT IDs :0
Area Address(es) : 10
Peer IPv6 Address(es): FE80::225:9EFF:FEFB:494A
Uptime : 00:02:09
Adj Protocol : IPV6
Restart Capable : YES
Suppressed Adj : NO
Peer System Id : 0000.0000.0002
Total Peer(s): 3
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
ipv6
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology standard
#
#
interface Vlanif10
ipv6 enable
ipv6 address FC00:0:0:10::2/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
● SwitchB configuration file
#
sysname SwitchB
#
ipv6
#
vlan batch 20
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
ipv6 enable topology standard
#
#
interface Vlanif20
ipv6 enable
ipv6 address FC00:0:0:20::2/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return
● SwitchC configuration file
#
sysname SwitchC
#
ipv6
#
vlan batch 10 20 30
#
isis 1
network-entity 10.0000.0000.0003.00
#
ipv6 enable topology standard
#
#
interface Vlanif10
ipv6 enable
ipv6 address FC00:0:0:10::1/64
isis ipv6 enable 1
#
interface Vlanif20
ipv6 enable
ipv6 address FC00:0:0:20::1/64
isis ipv6 enable 1
#
interface Vlanif30
ipv6 enable
ipv6 address FC00:0:0:30::1/64
isis ipv6 enable 1
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
return
NOTE
In this scenario, ensure that all connected interfaces have STP disabled. If STP is enabled
and VLANIF interfaces of switches are used to construct a Layer 3 ring network, an
interface on the network will be blocked. As a result, Layer 3 services on the network
cannot run normally.
Figure 8-2 Networking diagram for configuring dynamic BFD for IPv6 IS-IS
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic IS-IS IPv6 functions on each switch.
2. Set link cost values for IS-IS interfaces on each switch to make the path
SwitchA→SwitchB become the primary and the path
SwitchA→SwitchC→SwitchB become the backup.
3. Enable BFD globally on each switch to detect faults on the primary link in
milliseconds.
4. Enable IPv6 BFD for IS-IS in the IS-IS view on each switch so that service
traffic can be fast switched to the backup link when the primary link fails.
Procedure
Step 1 Enable the IPv6 forwarding capability and configure IPv6 addresses for interfaces.
# Configure SwitchA. Ensure that the configurations of SwitchB and SwitchC are
the same as the configuration of SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] ipv6
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] undo portswitch
[SwitchA-GigabitEthernet0/0/1] ipv6 enable
[SwitchA-GigabitEthernet0/0/1] ipv6 address FC00:3::1 64
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface GigabitEthernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] undo portswitch
[SwitchA-GigabitEthernet0/0/2] ipv6 enable
[SwitchA-GigabitEthernet0/0/2] ipv6 address FC00:1::1 64
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchB.
[SwitchB] isis 10
[SwitchB-isis-10] is-level level-2
[SwitchB-isis-10] network-entity 10.0000.0000.0003.00
[SwitchB-isis-10] ipv6 enable
[SwitchB-isis-10] quit
[SwitchB] interface GigabitEthernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] isis ipv6 enable 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface GigabitEthernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] isis ipv6 enable 10
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface GigabitEthernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] isis ipv6 enable 10
[SwitchB-GigabitEthernet0/0/3] quit
# Configure SwitchC.
[SwitchC] isis 10
[SwitchC-isis-10] is-level level-2
[SwitchC-isis-10] network-entity 10.0000.0000.0002.00
[SwitchC-isis-10] ipv6 enable
[SwitchC-isis-10] quit
[SwitchC] interface GigabitEthernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] isis ipv6 enable 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface GigabitEthernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] isis ipv6 enable 10
[SwitchC-GigabitEthernet0/0/2] quit
# After the configurations are complete, run the display ipv6 routing-table
command. You can view that the switches have learnt IPv6 routes from each other.
Step 3 Set link cost values for IS-IS interfaces.
# Configure SwitchA.
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] isis cost 1 level-2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface GigabitEthernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] isis cost 10 level-2
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchB.
[SwitchB] interface GigabitEthernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] isis cost 1 level-2
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface GigabitEthernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] isis cost 10 level-2
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface GigabitEthernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] isis cost 10 level-2
[SwitchB-GigabitEthernet0/0/3] quit
# Configure SwitchC.
[SwitchC] interface GigabitEthernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] isis cost 10 level-2
[SwitchC-GigabitEthernet0/0/1] quit
# Configure SwitchB.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] isis 10
[SwitchB-isis-10] ipv6 bfd all-interfaces enable
[SwitchB-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[SwitchB-isis-10] quit
# Configure SwitchC.
[SwitchC] bfd
[SwitchC-bfd] quit
[SwitchC] isis 10
[SwitchC-isis-10] ipv6 bfd all-interfaces enable
[SwitchC-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[SwitchC-isis-10] quit
# After the configurations are complete, run the display isis ipv6 bfd session all
command on SwitchA or SwitchB. You can view that IPv6 BFD parameters already
take effect. Take the display on SwitchA as an example:
[SwitchA] display isis ipv6 bfd session all
Summary Count : 1
In the IPv6 routing table, you can view that the backup link transmits traffic after
the primary link fails, the next hop address of the route to FC00:4::/64 becomes
FE80::225:9EFF:FEFB:BFF1, and the outbound interface becomes GE0/0/2.
# Run the display isis ipv6 bfd session all command on SwitchA, and you can
view that only one BFD session is established between SwitchA and SwitchC and
its status is Up.
[SwitchA] display isis ipv6 bfd session all
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
ipv6
#
bfd
#
isis 10
is-level level-2
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology standard
ipv6 bfd all-interfaces enable
ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
#
#
interface GigabitEthernet0/0/1
undo portswitch
ipv6 enable
ipv6 address FC00:3::1/64
isis ipv6 enable 10
isis cost 1 level-2
#
interface GigabitEthernet0/0/2
undo portswitch
ipv6 enable
ipv6 address FC00:1::1/64
isis ipv6 enable 10
isis cost 10 level-2
#
return
● SwitchB configuration file
#
sysname SwitchB
#
ipv6
#
bfd
#
isis 10
is-level level-2
network-entity 10.0000.0000.0003.00
#
ipv6 enable topology standard
ipv6 bfd all-interfaces enable
ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
#
#
interface GigabitEthernet0/0/1
undo portswitch
ipv6 enable
ipv6 address FC00:3::2/64
isis ipv6 enable 10
isis cost 1 level-2
#
interface GigabitEthernet0/0/2
undo portswitch
ipv6 enable
ipv6 address FC00:2::2/64
isis ipv6 enable 10
isis cost 10 level-2
#
interface GigabitEthernet0/0/3
undo portswitch
ipv6 enable
ipv6 address FC00:4::1/64
isis ipv6 enable 10
isis cost 10 level-2
#
return
● SwitchC configuration file
#
sysname SwitchC
#
ipv6
#
bfd
#
isis 10
is-level level-2
network-entity 10.0000.0000.0002.00
#
ipv6 enable topology standard
ipv6 bfd all-interfaces enable
ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
#
#
interface GigabitEthernet0/0/1
undo portswitch
ipv6 enable
ipv6 address FC00:2::1/64
isis ipv6 enable 10
isis cost 10 level-2
#
interface GigabitEthernet0/0/2
undo portswitch
ipv6 enable
ipv6 address FC00:1::2/64
isis ipv6 enable 10
isis cost 10 level-2
#
return