01-08 IPv6 Is-Is Configuration

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 8 IPv6 IS-IS Configuration
8 IPv6 IS-IS Configuration
8.1 Overview of IS-IS

8.2 Understanding IPv6 IS-IS
8.3 Summary of IPv6 IS-IS Configuration Tasks
8.4 Licensing Requirements and Limitations for IPv6 IS-IS
8.5 Default Settings for IPv6 IS-IS
8.6 Configuring Basic IPv6 IS-IS Functions
8.7 Improving IPv6 IS-IS Network Security
8.8 Controlling IPv6 IS-IS Route Selection
8.9 Controlling IPv6 IS-IS Route Exchange
8.10 Configuring IPv6 IS-IS Route Summarization
8.11 Controlling IPv6 IS-IS Route Convergence
8.12 Configuring LSP Fragment Extension
8.13 Configuring a Mesh Group on an NBMA Network
8.14 Configuring IPv6 IS-IS Reliability
8.15 Configuring the Overload Bit for an IS-IS Device
8.16 Maintaining IS-IS
8.17 Configuration Examples for IPv6 IS-IS
8.1 Overview of IS-IS

Definition
Intermediate System-to-Intermediate System (IS-IS) is an Interior Gateway
Protocol (IGP) that runs within an autonomous system (AS). IS-IS is also a link-
state routing protocol, using the shortest path first (SPF) algorithm to calculate
routes.
Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 613

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Purpose
IS-IS is a dynamic routing protocol initially designed by the International
Organization for Standardization (ISO) for its Connectionless Network Protocol
(CLNP).
To support IP routing, the Internet Engineering Task Force (IETF) extended and
modified IS-IS in RFC 1195. This modification enables IS-IS to apply to TCP/IP and
OSI environments. This type of IS-IS is called Integrated IS-IS or Dual IS-IS.
NOTE
IS-IS stated in this document refers to Integrated IS-IS, unless otherwise stated.
In addition to IPv4 networks, IS-IS also applies to IPv6 networks to provide

accurate routing information for IPv6 packets. IS-IS has good scalability, supports
IPv6 network layer protocols, and is capable of discovering, generating, and
forwarding IPv6 routes.
8.2 Understanding IPv6 IS-IS
8.2.1 IPv6 IS-IS

IS-IS is a link-state dynamic routing protocol initially designed by the OSI. To
support IPv4 routing, IS-IS is applied to IPv4 networks and called Integrated IS-IS.
As IPv6 networks are built, IS-IS also needs to provide accurate routing
information for IPv6 packet forwarding. IS-IS has good scalability, supports IPv6
network layer protocols, and is capable of discovering, generating, and forwarding
IPv6 routes.
Extended IS-IS for IPv6 is defined in the draft-ietf-isis-ipv6-05 of the IETF. To
process and calculate IPv6 routes, IS-IS uses two new TLVs and one network layer
protocol identifier (NLPID).
The two TLVs are as follows:
● TLV 236 (IPv6 Reachability): describes network reachability by defining the
route prefix and metric.
● TLV 232 (IPv6 Interface Address): is similar to the IP Interface Address TLV of
IPv4, except that it changes a 32-bit IPv4 address to a 128-bit IPv6 address.
The NLPID is an 8-bit field that identifies the protocol packets of the network
layer. The NLPID of IPv6 is 142 (0x8E). If IS-IS supports IPv6, it advertises routing
information through the NLPID value.
8.3 Summary of IPv6 IS-IS Configuration Tasks

After basic IPv6 IS-IS functions are configured, you can build a Layer 3 network
using the IPv6 IS-IS protocol. If other IPv6 IS-IS functions are required, configure
them according to reference sections.
Table 8-1 describes the IS-IS configuration tasks.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Table 8-1 IS-IS configuration tasks

Scenario Description Task
Configuring basic IPv6 To deploy the IS-IS 8.6 Configuring Basic

IS-IS functions protocol on IPv6 IPv6 IS-IS Functions
networks, configure
basic IS-IS functions to
enable communication
between different nodes
on the network. Other
IS-IS features can only be
configured after the
basic functions are
configured.
Configuring IPv6 IS-IS On IS-IS networks, 8.7 Improving IPv6 IS-IS

network security unauthorized users can Network Security
attack the IS-IS network
by modifying data
packets or forging
authorized users. To
ensure security of
services carried on IS-IS
networks, configure area
or domain
authentication and
interface authentication.
Configuring IPv6 IS-IS If multiple redundant 8.8 Controlling IPv6 IS-

route selection links are available in the IS Route Selection
network using the IS-IS
protocol, the route in the
IS-IS routing table may
not be the expected
optimal route. This does
not meet the network
planning and traffic
management
requirements. To
optimize the IS-IS
network and facilitate
traffic management,
more accurate control of
the routes on the
network is required.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuring IPv6 IS-IS In practical applications, 8.9 Controlling IPv6 IS-

routing information to meet network IS Route Exchange
exchange requirements, configure
route policies to
accurately control
advertising and receiving
of IS-IS routing
information.
Configuring IPv6 IS-IS Route aggregation 8.10 Configuring IPv6

route aggregation allows multiple routes IS-IS Route
with the same IP prefix Summarization
to be aggregated into
one route.
Route aggregation on a
large IS-IS network can
effectively reduce entries
in the routing table. This
minimizes system
resource consumption
and facilitates
management. In
addition, if a link in the
aggregated IP address
segment frequently
alternates between Up
and Down, devices
outside this segment will
not be affected by the
change. This prevents
route flapping and
improves network
stability.
Configuring IPv6 IS-IS To enable IS-IS to rapidly 8.11 Controlling IPv6

route convergence detect the network IS-IS Route
changes, speed up the Convergence
IS-IS network
convergence. To
minimize the effect on
networks from route
flapping and reduce load
on the device, slow down
the IS-IS network
convergence.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuring LSP When information 8.12 Configuring LSP

fragment extension contained in the LSP Fragment Extension
data packet Protocol
Data Unit (PDU) to be
advertised by IS-IS
increases greatly, the IS-
IS device will generate
multiple LSP fragments
to carry and advertise
more information.
Configuring mesh groups On the NBMA network, 8.13 Configuring a

when an interface of the Mesh Group on an
switch receives a new NBMA Network
LSP, the LSP is flooded to
other interfaces of the
switch. On highly-
connected networks that
have multiple P2P links,
this processing method
results in repeated LSP
flooding and wastes
bandwidth resources.
To solve this problem,
create a mesh group and
add some interfaces to
the group. The switch
never floods the LSPs
received at interfaces in
the mesh group to other
interfaces from the same
group, and only floods
the LSPs to interfaces
from other groups or
interfaces that are not
configured to any mesh
groups.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuring IPv6 IS-IS If the system cannot 8.15 Configuring the

overload store new LSPs or Overload Bit for an IS-
synchronize the LSDB IS Device
normally, the calculated
routing information will
be incorrect. In this case,
the system can enter the
overload state. Routes
reached through the
device will not be
calculated, but routes
directly connected to the
device will not be
ignored.
When an IS-IS device on
the network requires
upgrade or maintenance,
the device needs to be
temporarily isolated
from the network. To
prevent other devices
from forwarding traffic
through this node, set
the overload bit for the
device.
8.4 Licensing Requirements and Limitations for IPv6 IS-

IS
Involved Network Elements
Other network elements are required to support IPv6 IS-IS.
Licensing Requirements
IPv6 IS-IS is a basic feature of a switch and is not under license control.
Feature Support in V200R020C10

Only the following switch models support IPv6 IS-IS:
S5720I-SI, S5735-S, S5735S-S, S5735-S-I, S5735S-H, S5736-S, S5731-H, S5731-S,
S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6720S-S, S6730-H, S6730S-
H, S6730-S, and S6730S-S

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
For details about software mappings, visit Info-Finder and search for the desired product
model.
Feature Limitations
None.
8.5 Default Settings for IPv6 IS-IS

Table 8-2 describes the default settings for IPv6 IS-IS.
Table 8-2 Default settings for IPv6 IS-IS
Parameter Default Setting
IS-IS Disabled
DIS priority 64
Device level Level-1-2
Interval for sending Hello packets 10s
Minimum interval for sending LSPs 50 ms
Maximum number of LSPs to be sent 10
Interval for updating LSPs 900s
Maximum lifetime of LSPs 1200s
Bandwidth reference value 100 Mbit/s
8.6 Configuring Basic IPv6 IS-IS Functions
Pre-configuration Tasks
Before configuring basic IPv6 IS-IS functions, complete the following tasks:
● Enable the IPv6 forwarding capability on the device.

● Configure IPv6 addresses for interfaces to ensure that neighboring nodes are
reachable at the network layer.
Configuration Procedure
1. Create an IS-IS process.
2. Configure a network entity title (NET).
3. Configure a device level.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
4. Establish an IS-IS neighbor relationship.
8.6.1 Creating an IS-IS Process

Context
Creating an S-IS process is the prerequisite for performing the IS-IS configuration.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run isis [ process-id ]
An IS-IS process is created, and the IS-IS process view is displayed.
The process-id parameter specifies the ID of an IS-IS process. The default process
ID is 1.
Step 3 (Optional) Run description description
A description for the IS-IS process is configured.
Step 4 (Optional) Enable IS-IS to add the POI and hostname TLV to Purge LSPs.
Run purge-originator-identification enable [ always ]
IS-IS is enabled to determine whether to add the POI TLV and hostname TLV to
Purge LSPs based on the authentication configuration.
● If the purge-originator-identification enable command is run and any
authentication is configured, generated Purge LSPs do not carry the POI TLV
or hostname TLV.
● If the purge-originator-identification enable command is run and no
authentication is configured, generated Purge LSPs carry the POI TLV or
hostname TLV.
● If the purge-originator-identification enable always command is run,
generated Purge LSPs carry the POI TLV and hostname TLV, regardless of
whether authentication is configured.
----End
8.6.2 Configuring a NET and Enabling IPv6 IS-IS

Context
NET is the special form of the network service access point (NSAP). After the IS-IS
view is displayed, IS-IS can start only when a NET is configured for an IS-IS
process.
Generally, you only need to configure one NET for an IS-IS process. When an area
needs to be redefined, for example, the area needs to be merged with other areas
or divided into sub-areas, configure multiple NETs to ensure route correctness. A
maximum of three area addresses can be configured for an IS-IS process.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Therefore, a maximum of three NETs can be configured for an IS-IS process. When
configuring multiple NETs, ensure that their system IDs are the same.
IS-IS can run on an IPv6 topology only when IPv6 is enabled on an IS-IS process.
Procedure
The IS-IS process view is displayed.
Step 3 Run network-entity net
A NET is configured.
NOTE
Configuring NETs based on loopback interface addresses is recommended to ensures that a

NET is unique on the network. If NETs are not unique, route flapping will easily occur.
An area ID is used to uniquely identify an area in the same IS-IS domain. All routers in the
same Level-1 area must share the same area ID, while routers in the same Level-2 area can
have different area IDs.
Step 4 Run ipv6 enable
IPv6 is enabled for the IS-IS process.
----End
8.6.3 Configuring a Device Level
Context
Configure a device level according to network planning requirements:
● A Level-1 device can establish neighbor relationships with only Level-1 and
Level-1-2 routers in the same area and maintains only Level-1 LSDBs.
● A Level-2 device can establish neighbor relationship with Level-2 routers in
the same area or different areas and with Level-1-2 routers in different areas
and maintain only Level-2 LSDB.
● A Level-1-2 device can establish neighbor relationships with Level-1 and
Level-2 routers and maintain Level-1 and Level-2 LSDBs.
NOTICE
If the levels of IS-IS devices are changed during network operation, the IS-IS
process will be restarted, and IS-IS neighbor relationships will be disconnected.
Setting the levels of devices when configuring IS-IS is recommended.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Procedure
Step 3 Run is-level { level-1 | level-1-2 | level-2 }
A level is configured for the switch.
By default, the level of the switch is Level-1-2.
----End
8.6.4 Establishing an IS-IS Neighbor Relationship

Context
The methods to establish IS-IS neighbor relationships on a broadcast network and
a P2P network are different. Therefore, you need to set different IS-IS attributes
for interfaces of different types:
● On a broadcast network, IS-IS needs to select a designated intermediate
system (DIS). You can set DIS priorities for IS-IS interfaces to enable the
device with the highest DIS priority to be elected as the DIS.
● On a P2P network, IS-IS does not need to select the DIS. Therefore, the DIS
priority does not need to be configured for interfaces. To ensure P2P link
reliability, configure IS-IS to establish neighbor relationships on P2P interfaces
in 3-way mode for unidirectional link fault detection.
Generally, IS-IS checks the IP addresses of received Hello packets. Neighbor
relationships can be established only when the IP address carried in a received
Hello packet and the address of the interface that receives the Hello packet
are on the same network segment. If the IP addresses of the two P2P
interfaces are on different network segments and the isis peer-ip-ignore
command is run on the two interfaces, IS-IS does not check the peer IP
address. The neighbor relationship can be correctly established on the two
P2P interfaces.
Procedure
● Establish an IS-IS neighbor relationship on a broadcast link.
a. Run system-view
b. Run interface interface-type interface-number
The interface view is displayed.
c. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI,

S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2
and Layer 3 modes.
d. Run ipv6 enable
IPv6 is enabled on the interface.

e. Run isis ipv6 enable [ process-id ]
IS-IS IPv6 is enabled on the interface.
After this command is run, IS-IS establishes neighbor relationships and

floods LSPs through this interface.
NOTE
Loopback interfaces are not used to establish neighbor relationships. If IS-IS is

enabled on a loopback interface, IS-IS advertises the routes of the network
segment where the interface resides through other IS-IS interfaces.
f. Run isis circuit-level [ level-1 | level-1-2 | level-2 ]
A level is configured for the interface.
By default, the level of an interface is Level-1-2.
When two Level-1-2 devices establish an IS-IS neighbor relationship, they

establish both Level-1 and Level-2 neighbor relationships. To allow the
two Level-1-2 devices to establish only Level-1 or Level-2 neighbor
relationship, change the level of interfaces.
NOTE
Changing the level of an IS-IS interface is valid only when the level of the IS-IS
device is Level-1-2. If the level of the device is not Level-1-2, the level of the
device determines the level of the established neighbor relationship.
g. (Optional) Run isis dis-priority priority [ level-1 | level-2 ]
A DIS priority is set for the interface. A larger value indicates a higher
priority.
By default, the DIS priority of Level-1 and Level-2 broadcast interfaces is

64.
h. (Optional) Run isis silent [ advertise-zero-cost ]
The interface is suppressed.
By default, an IS-IS interface is not suppressed.
When an IS-IS interface is suppressed, the interface no longer sends or

receives IS-IS packets. The routes of the network segment where the
interface resides, however, can still be advertised to other IS-IS devices
within the same AS.
● Establish an IS-IS neighbor relationship on a P2P link.
a. Run system-view

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

NOTE

and Layer 3 modes.
d. Run ipv6 enable
IPv6 is enabled on the interface.

e. Run isis ipv6 enable [ process-id ]
IS-IS IPv6 is enabled on the interface.

f. Run isis circuit-level [ level-1 | level-1-2 | level-2 ]
A level is configured for the interface.
By default, the level of an interface is Level-1-2.

g. Run isis circuit-type p2p [ strict-snpa-check ]
The network type of the interface is set to P2P.
By default, the network type of an interface is determined by the physical

type of the interface.
When the network type of an IS-IS interface changes, the interface

configuration changes accordingly:
▪ After a broadcast interface is simulated as a P2P interface using the

isis circuit-type p2p [ strict-snpa-check ] command, the interval for
sending Hello packets, number of Hello packets that IS-IS does not
receive from a neighbor before the neighbor is declared Down,
interval for retransmitting LSPs on a P2P link, and various IS-IS
authentication modes are restored to the default settings; Other
configurations such as the DIS priority, DIS name, and interval for
sending CSNPs on a broadcast network become invalid.
▪ After the undo isis circuit-type command is run to restore the

default network type of an IS-IS interface, the interval for sending
Hello packets, number of Hello packets that IS-IS does not receive
from a neighbor before the neighbor is declared Down, interval for
retransmitting LSPs on a P2P link, various IS-IS authentication
modes, DIS priority, and interval for sending CSNPs on a broadcast
network are restored to the default settings.
h. Run isis ppp-negotiation { 2-way | 3-way [ only ] }
A negotiation mode is specified for the interface.
By default, the negotiation mode is 3-way.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
i. Run isis peer-ip-ignore

IS-IS is configured not to check the IP addresses of received Hello packets.
By default, IS-IS checks the IP addresses of received Hello packets.
j. Run isis ppp-osicp-check
OSICP negotiation status check is configured on the interface.
By default, the OSICP negotiation status of a PPP interface does not
affect the status of an IS-IS interface.
NOTE
This command applies only to PPP interfaces and is invalid for other P2P
interfaces.
After this command is run, the OSICP negotiation status of a PPP interface
affects the status of an IS-IS interface. When PPP detects that the OSI network
fails, the link status of the IS-IS interface goes Down, and the routes of the
network segment where the interface resides are not advertised through LSPs.
----End
8.6.5 Verifying the Basic IPv6 IS-IS Function Configuration

Procedure
● Run the display isis peer [ verbose ] [ process-id | vpn-instance vpn-
instance-name ] command to check information about IS-IS neighbors.
● Run the display isis interface [ verbose ] [ process-id | vpn-instance vpn-
instance-name ] command to check information about IS-IS interfaces.
● Run the display isis route [ process-id | vpn-instance vpn-instance-name ]
ipv6 [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] *
command to check information about IS-IS routes.
----End
8.7 Improving IPv6 IS-IS Network Security
Before improving IS-IS network security, configure basic IPv6 IS-IS functions.
You can perform the following configuration tasks (excluding the task of Verifying
the IPv6 IS-IS Network Security Optimization Configuration) in any sequence.
8.7.1 Configuring Interface Authentication

Context
Generally, the IS-IS packets to be sent are not encapsulated with authentication
information, and the received packets are not authenticated. If a user sends

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
malicious packets to attack a network, information on the entire network may be

stolen. Therefore, you can configure IS-IS authentication to improve network
security.
After the IS-IS interface authentication is configured, authentication information
can be encapsulated into the Hello packet to confirm the validity and correctness
of neighbor relationships.
NOTICE
If plain is selected during the configuration of the authentication mode for the IS-
IS interface, the password is saved in the configuration file in plain text. This
brings security risks. It is recommended that you select cipher to save the
password in cipher text.
Simple authentication and MD5 authentication have potential security risks.
HMAC-SHA256 authentication mode is recommended.
Procedure
Step 2 Run interface interface-type interface-number
Step 3 (Optional) On an Ethernet interface, run undo portswitch
NOTE
Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
Step 4 Run any of the following commands to configure an authentication mode for the
IS-IS interface as required:
● Run isis authentication-mode simple { plain plain-text | [ cipher ] plain-
cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]
Simple authentication is configured for the IS-IS interface.
● Run isis authentication-mode md5 { plain plain-text | [ cipher ] plain-
cipher-text } [ level-1 | level-2 ] [ ip | osi ] [ send-only ]
MD5 authentication is configured for the IS-IS interface.
● Run isis authentication-mode hmac-sha256 key-id key-id { plain plain-text |
[ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ send-only ]
HMAC-SHA256 authentication is configured for the IS-IS interface.
● Run isis authentication-mode keychain keychain-name [ level-1 | level-2 ]
[ send-only ]
The Keychain authentication is configured for the IS-IS interface.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
By default, an IS-IS interface does not authenticate received Hello packets and no
authentication password is configured on the interface.
NOTE
Use the send-only parameter according to network requirements:

● If the send-only parameter is specified, the device only encapsulates the Hello packets
to be sent with authentication information rather than checks whether the received
Hello packets pass the authentication. When the Hello packets do not need to be
authenticated on the local device and pass the authentication on the remote device,
the two devices can establish the neighbor relationship.
● If the send-only parameter is not specified, ensure that passwords of all interfaces
with the same level on the same network are the same.
Parameters level-1 and level-2 apply only to the VLANIF interfaces on which IS-IS is
enabled using the isis ipv6 enable command.
S6730S-H, S6730-S, and S6730S-S support keychain keychain-name.
----End
8.7.2 Configuring Area or Domain Authentication

Context
Generally, the IS-IS packets to be sent are not encapsulated with authentication
information, and the received packets are not authenticated. If a user sends
malicious packets to attack a network, information on the entire network may be
stolen. Therefore, to improve the network security, you can configure IS-IS
authentication.
The area authentication password is encapsulated into Level-1 IS-IS packets. Only
the packets that pass the area authentication can be accepted. Therefore, you
must configure IS-IS area authentication on all the IS-IS devices in the specified
Level-1 area to authenticate the Level-1 area.
The domain authentication password is encapsulated into Level-2 IS-IS packets.
Only the packets that pass the domain authentication can be accepted. Therefore,
you must configure IS-IS domain authentication on all the IS-IS devices in the
Level-2 area to authenticate Level-2 area.
NOTICE
If plain is selected during the configuration of an area or domain authentication

mode, the password is saved in the configuration file in plain text. This brings
security risks. It is recommended that you select cipher to save the password in
cipher text.
Simple authentication and MD5 authentication have potential security risks.
HMAC-SHA256 authentication mode is recommended.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
When configuring IS-IS authentication, the area or domain authentication modes and
passwords of the routers in the same area must be consistent so that IS-IS packets can be
flooded normally.
Whether IS-IS packets can pass area or domain authentication does not affect the
establishment of Level-1 or Level-2 neighbor relationships.
Procedure
Step 3 Perform the following operations in any sequence as required.
● Run area-authentication-mode { { simple | md5 } { plain plain-text |
[ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name | hmac-
sha256 key-id key-id } [ snp-packet { authentication-avoid | send-only } |
all-send-only ]
The area authentication mode is configured.
By default, the system neither encapsulates generated Level-1 packets with
authentication information nor authenticates received Level-1 packets.
● Run domain-authentication-mode { { simple | md5 } { plain plain-text |
[ cipher ] plain-cipher-text } [ ip | osi ] | keychain keychain-name | hmac-
sha256 key-id key-id } [ snp-packet { authentication-avoid | send-only } |
all-send-only ]
The domain authentication mode is configured.
By default, the system neither encapsulates generated Level-2 packets with
authentication information nor authenticates received Level-2 packets.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
S6730S-H, S6730-S, and S6730S-S support keychain keychain-name.
The authentication involves the following situations:
● The device encapsulates the authentication mode into LSPs and SNPs to be sent and
checks whether the received packets pass authentication. Then, the device discards the
packets that do not pass the authentication. In this case, the parameter snp-packet or
all-send-only is not specified.
● The device encapsulates authentication information into LSPs to be sent and checks
whether the received LSPs pass the authentication; the device neither encapsulates the
SNPs to be sent with authentication information nor checks whether the received SNPs
pass the authentication. In this case, the parameter snp-packet authentication-avoid
needs to be specified.
● The device encapsulates the LSPs and SNPs to be sent with authentication information;
the device, however, checks the authentication mode of only the received LSPs rather
than the received SNPs. In this case, the parameter snp-packet send-only needs to be
specified.
● The device encapsulates the LSPs and SNPs to be sent with authentication information,
but does not check whether the received LSPs or SNPs pass the authentication. In this
case, the parameter all-send-only needs to be specified.
----End
8.7.3 Configuring the Optional Checksum

Context
When a network is running, Intermediate System to Intermediate System (IS-IS)
routers may be attacked or IS-IS packets may be modified. As a result, important
network information may be intercepted, causing serious loss to the network. The
optional checksum encapsulates optional checksum TLVs into the Complete
Sequence Numbers Protocol Data Units (CSNPs), Partial Sequence Number
Protocol Data Units (PSNPs), and Hello packets sent by IS-IS routers. When the
peer device receives the encapsulated packets, it checks whether TLVs carried in
the packets are correct. If TLVs are not correct, the peer device discards the
packets for network security.
Procedure
Step 2 Run isis
An IS-IS process is created and the IS-IS view is displayed.
Step 3 Run optional-checksum enable
IS-IS optional checksum is enabled.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
If MD5 authentication or Keychain authentication with valid MD5 authentication is

configured on an IS-IS interface or area, IS-IS routers send Hello packets and SNP packets
carrying no checksum TLVs and verify the checksum of the received packets.
----End
8.7.4 Verifying the IPv6 IS-IS Network Security Optimization

Configuration
Procedure
● Run the display isis lsdb verbose command to check the detailed information
in the IS-IS LSDB.
----End
8.8 Controlling IPv6 IS-IS Route Selection
Before configuring IS-IS route selection, configure basic IPv6 IS-IS functions.
the IPv6 IS-IS Route Selection Control Configuration) in any sequence.
8.8.1 Configuring a Preference Value for IPv6 IS-IS

Context
If multiple routes to the same destination are discovered by different routing
protocols running on the same device, the route discovered by the protocol with
the highest preference is selected.
To prefer an IPv6 route discovered by IS-IS, configure a higher preference for IS-IS
IPv6 route. In addition, a routing policy can be configured to increase the
preferences of specified IS-IS IPv6 routes, without affecting route selection.
Procedure
The IS-IS view is displayed.
Step 3 Run ipv6 preference { route-policy route-policy-name | preference }*

An IS-IS IPv6 route preference value is configured.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
The default IS-IS IPv6 route preference value is 15. A smaller preference value
indicates a higher preference.
----End
8.8.2 Configuring a Cost for IS-IS Interfaces on an IPv6

Network
Context
The costs of IS-IS interfaces can be determined in the following modes (in
descending order of priority):
● Interface cost: configured for a specified interface.
● Global cost: configured for all interfaces.
● Automatically calculated cost: automatically calculated based on the interface
bandwidth.
If no cost is configured for an IS-IS interface, the IS-IS interface uses the default
cost 10 and cost style narrow.
NOTICE
If you need to change the cost style of IS-IS devices, change it during the
configuration of basic IS-IS functions is recommended. If the cost style of IS-IS
devices is changed during network operation, the IS-IS process will be restarted,
and the neighbor relationship will be re-established.
Procedure
Step 1 Configure an IS-IS cost style.
1. Run system-view

2. Run isis [ process-id ]

3. Run cost-style { narrow | wide | wide-compatible | { narrow-compatible |
compatible } [ relax-spf-limit ] }
An IS-IS cost style is configured.
By default, the cost style of routes received and sent by an IS-IS device is
narrow.
The cost range of an interface and a route received by the interface vary with the
cost type.
● If the cost style is narrow, the cost of an interface ranges from 1 to 63. The
maximum cost of a route received by the interface is 1023.
● If the cost style is narrow-compatible or compatible, the cost of an interface
ranges from 1 to 63. The cost of a received route is related to relax-spf-limit.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
● If the cost style is wide-compatible or wide, the cost of the interface ranges
from 1 to 16777215. When the cost is 16777215, the neighbor TLV generated
on the link cannot be used for route calculation but for the transmission of TE
information. The maximum cost of a received route is 0xFFFFFFFF.
Step 2 Configure a cost for an IS-IS interface on an IPv6 network.
Perform any of the following operations as required:
Configure a cost for a specified IS-IS interface on an IPv6 network.
1. Run system-view
2. Run interface interface-type interface-number
3. (Optional) On an Ethernet interface, run undo portswitch
NOTE

S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and
Layer 3 modes.
4. Run isis ipv6 cost { cost | maximum } [ level-1 | level-2 ]
A cost is configured for the IS-IS interface on an IPv6 network.
By default, the cost of an IS-IS interface on an IPv6 network is 10.
NOTE
You can configure the parameter maximum only when the IS-IS cost style is wide or wide-
compatible.
Configure a global IS-IS interface cost on an IPv6 network.
1. Run system-view
3. Run ipv6 circuit-cost { cost | maximum } [ level-1 | level-2 ]
A global IS-IS interface cost on an IPv6 network is configured.
By default, no global cost is configured.
Enable IS-IS interfaces to automatically calculate their costs on an IPv6
network.
1. Run system-view

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
3. Run ipv6 bandwidth-reference value

A bandwidth reference value is configured. By default, the value is 100 Mbit/s.
4. Run ipv6 auto-cost enable [ compatible ]
IS-IS interfaces are configured to automatically calculate their costs on an
IPv6 network.
The bandwidth reference value set using the ipv6 bandwidth-reference command
takes effect only when the cost style is wide or wide-compatible. In this case, the
interface cost is calculated using the following formula:
Cost of each interface = (Bandwidth-reference/Interface bandwidth) × 10
If the cost-style is narrow, narrow-compatible, or compatible, the cost of each
interface is based on costs listed in Table 8-3.
Table 8-3 Mapping between IS-IS interface costs and interface bandwidth
Cost Bandwidth Range
60 Interface bandwidth ≤ 10 Mbit/s
50 10 Mbit/s < Interface bandwidth ≤ 100

Mbit/s

Mbit/s

Mbit/s
20 622 Mbit/s < Interface bandwidth ≤ 2.5

Gbit/s
10 2.5 Gbit/s < Interface bandwidth
----End
8.8.3 Configuring Equal-Cost IPv6 IS-IS Routes

Context
If there are redundant IS-IS links, multiple routes may have an equal cost.
Configure load balancing among equal-cost IS-IS routes so that traffic will be
evenly balanced among these links. This mechanism increases the link bandwidth
usage and prevents network congestion caused by link overload. However, this
mechanism may make traffic management more difficult because traffic will be
randomly forwarded.
Procedure
● Configure load balancing among equal-cost IS-IS routes.
a. Run system-view

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

b. Run isis [ process-id ]
c. Run ipv6 maximum load-balancing number
The maximum number of equal-cost IPv6 IS-IS routes for load-balancing
is set.
By default, load balancing is supported and a maximum of 8 equal-cost
routes can participate in load balancing.
NOTE
When the number of equal-cost routes is larger than the value specified in the
ipv6 maximum load-balancing command, valid routes are selected for load
balancing based on the following criteria:
1. Route preference: Routes with higher preferences are selected for load
balancing.
2. Next hop system ID: If routes have the same preference, routes with smaller
system IDs are selected for load balancing.
3. Interface index: If routes have the same preference and system ID, routes with
lower interface index values are selected for load balancing.
----End
8.8.4 Configuring IS-IS IPv6 Route Leaking

Context
If multiple Level-1-2 devices in a Level-1 area are connected to devices in the
Level-2 area, a Level-1 LSP sent by each Level-1-2 device carries an ATT flag bit of
1. This Level-1 area will have multiple routes to the Level-2 area and to other
Level-1 areas.
By default, routes in a Level-1 area can be leaked into the Level-2 area so that
Level-1-2 and Level-2 devices can learn about the topology of the entire network.
Devices in a Level-1 area are unaware of the entire network topology because
they only maintain LSDBs in the local Level-1 area. Therefore, a device in a Level-1
area can forward traffic to a Level-2 device only through the nearest Level-1-2
device. The route used may not be the optimal route to the destination.
To enable a device in a Level-1 area to select the optimal route, configure IS-IS
IPv6 route leaking so that specified routes in the Level-2 area can be leaked into
the local Level-1 area.
Routes of services deployed only in the local Level-1 area do not need to be
leaked into the Level-2 area. A policy can be configured to leak only desired routes
into the Level-2 area.
Procedure
● Specify IS-IS IPv6 routes in the Level-2 area and other Level-1 areas that can
be leaked into the local Level-1 area.
a. Run system-view

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches


c. Run ipv6 import-route isis level-2 into level-1 [ tag tag | filter-policy
{ acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name |
route-policy route-policy-name } | direct { allow-filter-policy | allow-
up-down-bit } * ] *
IS-IS IPv6 routes in the Level-2 area and other Level-1 areas that meet
the specified conditions are leaked into the local Level-1 area.
By default, IS-IS IPv6 routes in the Level-2 area are not leaked into
Level-1 areas.
NOTE
The command in Step 3 is run on the Level-1-2 device that is connected to an

external area.
● Configure IS-IS IPv6 routes in Level-1 areas to leak into the Level-2 area.
a. Run system-view


c. Run ipv6 import-route isis level-1 into level-2 [ tag tag | filter-policy
{ acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-name |
route-policy route-policy-name }| direct allow-filter-policy ] *
IS-IS IPv6 routes that meet the specified conditions in Level-1 areas are
leaked into the Level-2 area.
By default, all Level-1 IS-IS IPv6 routing information, excluding

information about default routes, is leaked to Level-2 areas.
NOTE
The command in Step 3 is run on the Level-1-2 device that is connected to an

external area.
----End
8.8.5 Controlling Whether a Level-1 Device Generates an IPv6

Default Route
Context
As defined in the IS-IS protocol, if a Level-1-2 device reaches more areas through a
Level-2 area than through a Level-1 area based on the link state database (LSDB),
the Level-1-2 device sets the ATT bit to 1 in the LSPs and sends the LSPs with the
ATT bit 1 to the Level-1 device. Upon receipt, the Level-1 device generates a
default route destined for the Level-1-2 device.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
The preceding rules are used by default. You can set the ATT bit as required on a
live network.
Perform the following steps:
Procedure
Step 3 Run the following command as required:

● To set the ATT bit in the LSPs sent by the Level-1-2 device, run the attached-
bit advertise { always | never } command.
– If the always parameter is specified, the ATT bit is set to 1. After
receiving the LSPs carrying the ATT bit 1, the Level-1 device generates a
default route.
– If the never parameter is specified, the ATT bit is set to 0. After receiving
the LSPs carrying the ATT bit 0, the Level-1 device does not generate a
default route, which reduces the size of a routing table.
● To disable the Level-1 device from generating default routes even though it
receives the LSPs carrying the ATT bit 1, run the attached-bit avoid-learning
command.
----End
8.8.6 Verifying the IPv6 IS-IS Route Selection Control

Configuration
Procedure
command to check IS-IS routing information.
● Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-
name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ]
command to check information in the IS-IS LSDB.
----End
8.9 Controlling IPv6 IS-IS Route Exchange
Before controlling IS-IS route exchange, configure basic IPv6 IS-IS functions.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
the IPv6 IS-IS Route Exchange Control Configuration) in any sequence.
8.9.1 Configuring IS-IS to Advertise a Default Route

Context
If IS-IS is configured to advertise a default route on a border device that has
external routes, the device advertises a default route ::/0 in the IS-IS routing
domain. All traffic destined for other routing domains is first forwarded to the
border device.
NOTE
Configuring a static default route can also allow all the traffic to be first forwarded to a
border device, which then forwards the traffic outside an IS-IS routing domain. However,
this method leads to heavy workload in configuration and management when a large
number of devices are deployed on the network.
In addition, advertising default routes using IS-IS is flexible. If multiple border devices are
deployed, a routing policy can be configured to allow only the border device that meets the
specified conditions to advertise a default route, preventing routing blackholes.
Procedure
Step 3 Run ipv6 default-route-advertise [ always | match default | route-policy route-
policy-name ] [ cost cost | tag tag | [ level-1 | level-1-2 | level-2 ] ] * [ avoid-
learning ]
IS-IS is configured to advertise a default IPv6 route.
By default, IS-IS does not advertise a default route.
----End
8.9.2 Configuring IS-IS to Import External Routes

Context
After IS-IS is configured to advertise a default route on a border device in an IS-IS
routing domain, all the traffic destined outside the IS-IS routing domain is
forwarded through the border device. This burdens the border device because
other devices in the IS-IS routing domain do not have the routes destined outside
the domain. If multiple border devices are deployed in the IS-IS routing domain,
optimal routes to other routing domains need to be selected.
To ensure optimal routes are selected, all the other devices in the IS-IS routing
domain must learn all or some external routes.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Procedure
Step 3 Configure IS-IS to import external routes.

● When you need to set a cost for imported routes, run the ipv6 import-route
{ static | direct | unr | { ospfv3 | ripng | isis } [ process-id ] | bgp [ permit-
ibgp ] } [ cost cost | tag tag | route-policy route-policy-name | [ level-1 |
level-2 | level-1-2 ] ] * command.
● When you need to retain the original cost of imported routes, run the ipv6
import-route { direct | unr | { ospfv3 | ripng | isis } [ process-id ] | bgp
[ permit-ibgp ] } inherit-cost [ tag tag | route-policy route-policy-name |
[ level-1 | level-2 | level-1-2 ] ] * command. In this case, the source routing
protocol of imported routes cannot be static.
NOTE
IS-IS will advertise all imported external routes to the IS-IS routing domain by default.
----End
8.9.3 Configuring IS-IS to Advertise Specified External Routes

to an IS-IS Routing Domain
Context
When the local IS-IS device advertises imported external routes to other IS-IS
devices, routing policies can be configured to advertise only the external routes
that meet specified conditions if these devices do not require all the imported
external routes.
Procedure
Step 3 Run ipv6 filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-

prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ]
IS-IS is configured to advertise the external IPv6 routes that meet specified
conditions to the IS-IS routing domain.
----End

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
8.9.4 Adding Specified IS-IS Routes to an IPv6 Routing Table
Context
Only routes in an IPv6 routing table can be used to forward IPv6 packets. An IS-IS
route can take effect only after this IS-IS route has been successfully added to an
IPv6 routing table.
If an IS-IS route does not need to be added to a routing table, specify conditions,
such as IPv6 prefix, and routing policy, to filter the route. IS-IS routes that do not
meet the specified conditions cannot be added to the IPv6 routing table and
cannot be selected to forward IPv6 packets.
Procedure
Step 3 Run ipv6 filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-

prefix-name | route-policy route-policy-name } import
Conditions for filtering IS-IS routes are configured.
----End
8.9.5 Verifying the IPv6 IS-IS Route Exchange Control

Configuration
Procedure
● Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-
name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ]
command to check IS-IS LSDB information.
command to check IS-IS routing information.
● Run the display ipv6 routing-table command to check the IPv6 routing table.
----End
8.10 Configuring IPv6 IS-IS Route Summarization
Before configuring IS-IS route summarization, configures basic IPv6 IS-IS
functions.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Procedure
Step 3 Run ipv6 summary ipv6-address prefix-length [ avoid-feedback |

generate_null0_route | tag tag | [ level-1 | level-1-2 | level-2 ] ] *
The specified IPv6 IS-IS routes are summarized into one IS-IS route.
NOTE
After route summarization is configured on a device, the local routing table still contains all
specific routes before the summarization. The routing tables on other devices contain only
the summary route, and the summary route is deleted only after all its specific routes are
deleted.
----End
Verifying the Configuration

● Run the display isis route command to check summary routes in the IS-IS
routing table.
● Run the display ipv6 routing-table [ verbose ] command to check summary
routes in the IPv6 routing table.
8.11 Controlling IPv6 IS-IS Route Convergence
Before configuring IS-IS route convergence, configure basic IPv6 IS-IS functions.
the IPv6 IS-IS Route Convergence Control Configuration) in any sequence.
8.11.1 Configuring Attributes for Hello Packets
Context
IS-IS maintains neighbor relationships by sending and receiving Hello packets. If
the local device does not receive Hello packets from its neighbor within a specified
period, the device considers the neighbor Down.
In IS-IS, you can set the interval for sending Hello packets and the holding
multiplier of neighboring devices to control the holdtime of neighbor relationships
between the local device and neighbors.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
● If the interval for sending Hello packets is too short, more system resources
are consumed to send Hello packets, causing a heavy CPU load.
● If the holdtime of neighboring devices is too long, the local device needs to
spend much time detecting the failure of neighbors, slowing down IS-IS route
convergence. If the holdtime of neighboring devices is too short, some Hello
packets may be lost or become incorrect because of network transmission
delay and errors. This will cause neighbor relationships to frequently alternate
between Up and Down and lead to route flapping on the IS-IS network.
NOTE
You are advised to set the same interval for sending Hello packets and same holding
multiplier of neighboring devices on all the devices on the IS-IS network. This method
prevents IS-IS route convergence from being slowed down when some devices detect
link failures at a lower speed than other devices.
Procedure
● Configure an interval for sending Hello packets.
a. Run system-view


NOTE

and Layer 3 modes.
d. Run isis timer hello hello-interval [ level-1 | level-2 ]
An interval for sending Hello packets is set on an interface.
By default, the interval for sending Hello packets 10 seconds.
NOTE
Parameters level-1 and level-2 are configured only on a broadcast interface.

On a broadcast link, there are Level-1 and Level-2 Hello packets. For different
types of packets, you can set different intervals. If no level is specified, both the
Level-1 timer and Level-2 timer are configured. On a P2P link, there is only one
type of Hello packets. Therefore, neither level-1 nor level-2 is required.
● Set a holding multiplier for neighboring devices.
a. Run system-view


S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

NOTE

and Layer 3 modes.
d. Run isis timer holding-multiplier number [ level-1 | level-2 ]
A holding multiplier of neighboring devices is set.
The default holding multiplier is 3. The holdtime of neighbor
relationships is three times the interval for sending Hello packets.
NOTE
Parameters level-1 and level-2 are configured only on a broadcast interface.
----End
8.11.2 Configuring Attributes for LSPs

Context
LSPs are used to exchange link state information. You can configure attributes for
LSPs to control the length and maximum lifetime of LSPs. To accelerate network
convergence, you can enable LSP fast flooding or reduce the minimum interval for
sending LSPs and the interval for updating LSPs to speed up LSP flooding.
However, CPU resources will be consumed too much if the network topology
changes frequently. In this situation, configure the intelligent timer for generating
LSPs. This timer can fast respond to emergencies, speed up network convergence,
and improve CPU resource efficiency because its interval becomes longer when the
network changes frequently.
Configured Function Usage Scenario

Parameters
Maximum Set a size When the volume of link status information

length of for LSPs to increases, the length of LSPs to be generated can
LSPs be be increased to carry more information in each LSP.
generated
and LSPs
to be
received.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

Parameters
Maximum Set a When a switch generates the system LSP, it fills in

lifetime of maximum the maximum lifetime for this LSP. After this LSP is
LSPs lifetime received by other switches, the lifetime of the LSP
for LSPs to is reduced gradually. If the switch does not receive
ensure the any more update LSPs and the lifetime of the LSP is
validity of reduced to 0, the LSP will be deleted from the LSDB
an LSP 60s later if no more updated LSPs are received.
before its
updated
LSP is
received.
Refresh Set a On an IS-IS network, LSDB synchronization is

interval of refresh implemented through LSP flooding. During LSP
LSPs interval flooding, a switch sends an LSP to its neighbors
for LSPs to and then the neighbors send the received LSP to
synchroniz their respective neighbors except the switch that
e LSDBs. first sends the LSP. In this manner, the LSP is
flooded among the switches of the same level. LSP
flooding allows each switch of the same level to
have the same LSP information and synchronize its
LSDB with each other.
Minimum Set an Reducing the minimum interval for sending LSPs

interval at interval speeds up LSP flooding.
which LSPs for
are sent sending
an LSP
during LSP
update.
Intelligent Control On an IS-IS network, if the local routing

timer used to the information changes, a switch needs to generate a
generate interval new LSP to notify this change. If the local routing
LSPs for information changes frequently, a large number of
generating new LSPs are generated, which occupies a lot of
LSPs system resources and decreases system
intelligentl performance. To speed up network convergence
y to speed and prevent system performance from being
up route affected, configure an intelligent timer for
convergen generating LSPs. This timer can adjust the delay in
ce and generating LSPs based on the routing information
reduce change frequency.
system
load.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

Parameters
LSP fast Control When an IS-IS switch receives new LSPs from other
flooding the switches, it updates the LSPs in the local LSDB and
number of periodically floods out the updated LSPs according
LSPs to a timer. LSP fast flooding updates the preceding
flooded method. When a device configured with LSP fast
each time flooding receives one or more new LSPs, it floods
on an out the LSPs with a number smaller than the
interface specified number before calculating routes. This
to speed speeds up LSDB synchronization.
up IS-IS
network
convergen
ce.
Interval at Control On a point-to-point network, devices at both ends

which LSPs the of a link synchronize LSDBs with each other by
are interval flooding LSPs. The device at one end of the link
retransmitted for sends an LSP. If the device at the other end receives
over a P2P retransmit this LSP, it replies with a PSNP. If the device that
link ting LSPs has sent an LSP does not receive a PSNP from the
to ensure other end in a period of time, the device will
LSDB retransmit the LSP.
synchroniz
ation on a
P2P
network.
Procedure
● Set a maximum length for LSPs.
a. Run system-view
c. Set a maximum length for LSPs.
▪ Run lsp-length originate max-size

The maximum length is set for each generated LSP.
▪ Run lsp-length receive max-size

The maximum length is set for each received LSP.
By default, the IS-IS system generates and receives 1497-byte LSPs.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
Ensure that the value of max-size for LSPs to be generated must be smaller than
or equal to the value of max-size for LSPs to be received.
The value of max-size set through the lsp-length command must meet the
following requirements; otherwise, the MTU status on the interface is considered
Down.
● The MTU of an Ethernet interface must be greater than or equal to the sum
of the value of max-size and 3.
● The MTU of a P2P interface must be greater than or equal to the value of
max-size.
● Set a maximum lifetime for LSPs.
a. Run system-view
c. Run timer lsp-max-age age-time
A maximum lifetime is set for LSPs.
By default, the maximum lifetime of LSPs is 1200 seconds.
● Set a refresh interval for LSPs.
a. Run system-view
c. Run timer lsp-refresh refresh-time
A refresh interval is set for LSPs.
By default, the LSP refresh interval is 900s.
NOTE
Ensure that the LSP refresh interval is more than 300s shorter than the maximum
LSP lifetime. This allows new LSPs to reach all devices in an area before existing
LSPs expire.
The larger a network, the greater the deviation between the LSP refresh interval
and the maximum LSP lifetime.
● Set a minimum interval at which LSPs are sent.
a. Run system-view

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE

and Layer 3 modes.
d. Run isis timer lsp-throttle throttle-interval [ count count ]
The minimum interval for sending LSPs on an IS-IS interface and the
maximum number of LSPs sent within the interval are set.
By default, the minimum interval for sending LSPs is 50 ms, and the
maximum number of LSPs sent each time is 10.
● Configure the intelligent timer used to generate LSPs.
a. Run system-view
c. Run timer lsp-generation max-interval [ init-interval [ incr-interval ] ]
[ level-1 | level-2 ]
The intelligent timer used to generate LSPs is set.
If no level is configured, both Level-1 and Level-2 are configured.
The initial delay for generating the same LSPs (or LSP fragments) is init-
interval. The delay for generating the same LSPs (or LSP fragments) for
the second time is incr-interval. When the routes change each time, the
delay for generating the same LSPs (or LSP fragments) is twice as the
previous value until the delay is up to max-interval. After the delay
reaches max-interval for three times or reset the IS-IS process, the
interval is reduced to init-interval.
When incr-interval is not used and generating the same LSPs (or LSP
fragments) for the first time, init-interval is used as the initial delay. Then,
the delay for generating the same LSPs (or LSP fragments) is max-
interval. After the delay reaches max-interval for three times or the IS-IS
process is reset, the interval is reduced to init-interval.
When only max-interval is used, the intelligent timer changes into a
normal one-short timer.
● Enable LSP fast flooding.
a. Run system-view
c. Run flash-flood [ lsp-count | max-timer-interval interval | [ level-1 |
level-2 ] ] *
LSP fast flooding is enabled.
The lsp-count parameter specifies the number of LSPs flooded each time,
which is applicable to all interfaces. If the number of LSPs to be sent is

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
greater than the value of lsp-count, lsp-count takes effect. If the number
of LSPs to be sent is smaller than the value of lsp-count, LSPs of the
actual number are sent. If a timer is configured and the configured timer
does not expire before the route calculation, the LSPs are flooded
immediately when being received; otherwise, the LSPs are sent when the
timer expires.
When LSP fast flooding is enabled, Level-1 LSPs and Level-2 LSPs are fast
flooded by default if no level is specified.
● Set an interval at which LSPs are retransmitted over a P2P link.
a. Run system-view
NOTE

and Layer 3 modes.
d. (Optional) Run isis circuit-type p2p [ strict-snpa-check ]
A broadcast interface is simulated as a P2P interface.
NOTE
If the interface type is P2P, the step is not required.

e. Run isis timer lsp-retransmit retransmit-interval
An interval at which LSPs are retransmitted over a P2P link is set.
By default, the interval for retransmitting LSPs over a P2P link is 5
seconds.
----End
8.11.3 Configuring Attributes for CSNPs

Context
Complete sequence number PDUs (CSNPs) contain the summary of all the LSPs in
an LSDB to ensure LSDB synchronization between neighbors. CSNPs are processed
differently on broadcast and P2P links.
● On a broadcast link, CSNPs are periodically sent by a DIS device. If a device
detects that its LSDB is not synchronized with its neighbors', the device will
send PSNPs to apply for missing LSPs.
● On a P2P link, CSNPs are sent only during initial establishment of neighboring
relationships.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Procedure
NOTE
Step 4 Run isis timer csnp csnp-interval [ level-1 | level-2 ]

The interval at which CSNPs are sent is set on the interface.
By default, the interval is 10 seconds.
NOTE
Configure Level-1 and Level-2 only when a broadcast interface is specified.
----End
8.11.4 Setting an SPF Calculation Interval

Context
A network change always triggers IS-IS to perform SPF calculation. Frequent SPF
calculation will consume excessive CPU resources, affecting services.
To solve this problem, configure an intelligent timer to control the SPF calculation
interval. For example, to speed up IS-IS route convergence, set the interval for SPF
calculation to a small value and set the interval to a large value after the IS-IS
network becomes stable.
Procedure
Step 3 Run timer spf max-interval [ init-interval [ incr-interval ] ]
An SPF intelligent timer is configured.
By default, no SPF intelligent timer is configured and the maximum delay in SPF
calculation is 5 seconds.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
The intelligent timer changes as follows:

● The delay in the first SPF calculation is determined by init-interval; the delay
in the second SPF calculation is determined by incr-interval. From the third
time on, the delay in SPF calculation increases twice every time until the delay
reaches the value specified by max-interval. After the delay remains at the
value specified by max-interval for three times or the IS-IS process is
restarted, the delay decreases to the value specified by init-interval.
● If incr-interval is not specified, the delay in SPF calculation for the first time is
determined by init-interval. From the second time on, the delay in SPF
calculation is determined by max-interval. After the delay remains at the
value specified by max-interval for three times or the IS-IS process is
restarted, the delay decreases to the value specified by init-interval.
● When only max-interval is specified, the intelligent timer functions as an
ordinary one-time triggering timer.
Step 4 (Optional) Run spf-slice-size duration-time
The maximum duration for SPF calculation is configured.
By default, IS-IS route calculation lasts for a maximum of 2 ms at a time.
----End
8.11.5 Configuring Convergence Priorities for IS-IS Routes

Context
You can configure the highest convergence priority for specific IS-IS routes so that
these IS-IS routes will be converged first when a network topology changes.
The application rules of the convergence priorities for IS-IS routes are as follows:
● Existing IS-IS routes are converged based on the priorities configured in the
ipv6 prefix-priority command.
● New IS-IS routes are converged based on the priorities configured in the ipv6
prefix-priority command.
● If an IS-IS route conforms to the matching rules of multiple convergence
priorities, the highest convergence priority is used.
● The convergence priority of a Level-1 IS-IS route is higher than that of a
Level-2 IS-IS route.
Procedure
Step 3 Run ipv6 prefix-priority [ level-1 | level-2 ] { critical | high | medium } { ipv6-
prefix prefix-name | tag tag-value }
Convergence priorities are set for IS-IS routes.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
By default, the convergence priority of 32-bit host routes is medium, and the
convergence priority of the other IS-IS routes is low.
NOTE
The ipv6 prefix-priority command is only applicable to the public network.

After the ipv6 prefix-priority command is run, the convergence priority of 32-bit host
routes is low, and the convergence priorities of the other routes are determined as specified
in the ipv6 prefix-priority command.
Step 4 (Optional) Run quit
----End
8.11.6 Verifying the IPv6 IS-IS Route Convergence Control

Configuration
Procedure
● Run the display isis interface [ verbose ] [ process-id | vpn-instance vpn-
instance-name ] command to check IS-IS packet information.
command to check IS-IS route information.
----End
8.12 Configuring LSP Fragment Extension
Before configuring LSP fragment extension, configure basic IPv6 IS-IS functions.
NOTE
When a new device connects to an IS-IS network, you are advised to configure LSP
fragment extension and virtual systems before establishing IS-IS neighbors or importing
routes. If you establish IS-IS neighbors or import routes, which causes IS-IS to carry much
information that cannot be loaded through 256 fragments, you must configure LSP
fragment extension and virtual systems. The configurations, however, take effect only after
you restart the IS-IS process.
Procedure

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Step 3 Run lsp-fragments-extend [ [ level-1 | level-2 | level-1-2 ] | [ mode-1 |

mode-2 ] ] *
LSP fragment extension is enabled in an IS-IS process.
By default, LSP fragment extension is disabled in an IS-IS process.
If the mode or level is not specified during the configuration of LSP fragment
extension, mode-1 and level-1-2 are used by default.
NOTE
If there are devices of other manufacturers on the network, LSP fragment extension must
be set to mode-1. Otherwise, devices of other manufacturers cannot identify LSPs.
Step 4 Run virtual-system virtual-system-id

A virtual system is configured.
By default, no virtual system is configured.
To configure a switch to generate extended LSP fragments, you must configure at
least one virtual system. The ID of the virtual system must be unique in the
domain.
An IS-IS process can be configured with up to 50 virtual system IDs.
----End

Run the following commands to check IS-IS process statistics.
● display isis statistics [ updated-lsp [ history ] ] [ level-1 | level-2 |
level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]
● display isis process-id statistics [ [ [ updated-lsp [ history ] ] [ level-1 |
level-2 | level-1-2 ] ] | [ packet ] ]
8.13 Configuring a Mesh Group on an NBMA Network
Before configuring a mesh group, configure basic IPv6 IS-IS functions.
Procedure

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
Step 4 Run isis mesh-group { mesh-group-number | mesh-blocked }
The interface is added to a mesh group.
When mesh-blocked is configured on an interface, the interface is blocked and

cannot flood LSPs outside. All the interfaces added to a mesh group implement
global LSDB synchronization through CSNP and PSNP mechanisms.
----End

Run the following commands to check IS-IS process statistics.
● display isis statistics [ updated-lsp [ history ] ] [ level-1 | level-2 |

level-1-2 ] [ process-id | vpn-instance vpn-instance-name ]
● display isis process-id statistics [ [ [ updated-lsp [ history ] ] [ level-1 |
level-2 | level-1-2 ] ] | packet ]
8.14 Configuring IPv6 IS-IS Reliability
Before configuring IS-IS reliability, configure basic IPv6 IS-IS functions.
You can perform the following configuration tasks in any sequence as required.
8.14.1 Configuring Dynamic BFD for IPv6 IS-IS
Context
The switch supports dynamic BFD for IPv6 IS-IS, but not static BFD for IPv6 IS-IS.
Without BFD, connection status between an IS-IS device and its neighbors can be
monitored only by exchanging Hello packets at intervals. The minimum allowable
sending interval is 3s, and a neighbor is declared Down after at least three
intervals during which no response Hello packet is received from the neighbor. IS-
IS takes more than one second to detect that a neighbor becomes Down, resulting
in loss of a large amount of high-speed data.
BFD provides millisecond-level fault detection. After detecting a link or node

failure, BFD will notify IS-IS of the failure. Traffic is rapidly switched to the backup
link or node.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
NOTE
S6730S-H, S6730-S, and S6730S-S BFD for IS-IS.
Before configuring dynamic BFD for IPv6 IS-IS, complete the following tasks:
● Configure IPv6 addresses for interfaces to ensure that neighbor nodes are
reachable.
● Configure IPv6 IS-IS functions to ensure that each node is reachable at the
network layer.
Configuration Roadmap
The configuration roadmap is as follows:
No. Data
1 Nodes to be enabled with BFD for IPv6 IS-IS
2 Number of the IS-IS process to be enabled with BFD
3 Type and number of each interface to be enabled with BFD
4 Minimum interval at which BFD packets are sent
5 Minimum interval at which BFD packets are received
6 BFD detection multiplier
You can use either of the following methods to enable BFD for IPv6 IS-IS:
● Enable dynamic BFD for specified IS-IS IPv6 processes. This method is
recommended if you need to enable dynamic BFD for IPv6 IS-IS on a large
number of IS-IS interfaces.
● Enable dynamic BFD for specified IPv6 interfaces. This method is
recommended if you need to enable dynamic BFD for IPv6 IS-IS on a small
number of IS-IS interfaces.
Procedure
● Enable dynamic BFD for an IS-IS IPv6 process.
a. Run system-view
b. Run bfd
BFD is enabled globally.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
c. Run quit
d. Run isis process-id
e. Run ipv6 bfd all-interfaces enable
BFD for IS-IS is enabled.
After BFD is enabled globally and the neighbor status is Up, default BFD
parameters will be used to establish BFD sessions on all interfaces.
f. (Optional) Run ipv6 bfd all-interfaces { min-rx-interval receive-interval
| min-tx-interval transmit-interval | detect-multiplier multiplier-value } *
The parameters for establishing BFD sessions are set for all interfaces.
The command execution result is applicable to BFD session parameters
on all IS-IS interfaces.
g. Run quit
To disable the BFD function on an interface, run the isis ipv6 bfd block
command in the interface view to disable the interface from establishing
BFD sessions.
● Enable dynamic BFD on an IS-IS IPv6 interface.
a. Run system-view
b. Run bfd
BFD is enabled globally.
c. Run quit
d. Run interface interface-type interface-number
The view of the specified interface is displayed.
e. (Optional) On an Ethernet interface, run undo portswitch
NOTE

and Layer 3 modes.
f. Run isis ipv6 bfd enable
BFD is enabled on the interface.
g. (Optional) Run isis ipv6 bfd { min-rx-interval receive-interval | min-tx-
interval transmit-interval | detect-multiplier multiplier-value } *

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Run this command when BFD session parameters need to be configured

for a specified interface.
----End
Verifying the Configurations

After configuring dynamic BFD for IPv6 IS-IS, you can check information about the
BFD session and BFD for IPv6 IS-IS on an interface.
● Run the display isis [ process-id | vpn-instance vpn-instance-name ] ipv6 bfd
session { all | peer ipv6-address | interface interface-type interface-number }
command to check information about a BFD session.
● Run the display isis [ process-id ] ipv6 bfd interface command to check the
configurations of BFD for IPv6 IS-IS on the specified interface.
8.15 Configuring the Overload Bit for an IS-IS Device
Before configuring the overload bit for an IS-IS device, configure basic IPv6 IS-IS
functions.
Procedure
Step 3 Run set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1

[ timeout2 ] ] | wait-for-bgp [ timeout1 ] ] [ send-sa-bit [ timeout3 ] ] ] [ allow
{ interlevel | external }* ]
The overload bit for non-pseudonode LSPs is configured.
----End

● Run the display isis lsdb [ [ level-1 | level-2 ] | verbose | [ local | lsp-id | is-
name symbolic-name ] ] * [ process-id | vpn-instance vpn-instance-name ]
command to check information in the IS-IS LSDB.
8.16 Maintaining IS-IS

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
8.16.1 Resetting IS-IS
Context
To reset IS-IS, reset IS-IS data structure, neighbor relationship and packets
NOTICE
The IS-IS data structure cannot be restored after you reset it. All the previous
structure information and the neighbor relationship are reset. Exercise caution
when running this command.
The specified IS-IS neighbor relationship is deleted after you reset a specified IS-IS
neighbor. Exercise caution when running this command.
Procedure
● Reset IS-IS data structure.
Run the reset isis all[ process-id | vpn-instance vpn-instance-name ]

command to reset IS-IS data structure.
● Reset IS-IS neighbor relationship.
Run the reset isis peer system-id [ process-id | vpn-instance vpn-instance-

name ] command to reset a specific IS-IS neighbor.
After the IS-IS routing policy or the protocol changes, you can reset a specific
IS-IS neighbor to validate the new configuration.
----End
8.16.2 Improving the Maintainability of IS-IS
Context
The administrator can improve the maintainability of IS-IS using either of the
following methods:
● Configuring IS-IS host name mapping: Through this function, the
administrator can use a simple name to replace the system ID. After IS-IS host
name mapping is configured, the dynamic name is displayed in the IS-IS
information to replace the system ID when the display command is executed.
This improves the maintainability of IS-IS networks.
● Configuring IS-IS to add the POI TLV to a PURGE packet: When the value of
the Remaining Lifetime field in an LSP packet is 0, this packet is invalid and
called a PURGE packet. PURGE packets do not record information about the
devices generating these packets. Therefore, when a network is faulty, the
packet source cannot be located. To solve this problem, IS-IS can be
configured to add the POI TLV to a PURGE packet so that the PURGE packet
contains information about its generating device. If the dynamic host name
function is configured locally, the host name TLV is also added to the PURGE
packet to facilitate fault location.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Procedure
Step 3 Configure IS-IS host name mapping.

● Run is-name symbolic-name
IS-IS dynamic host name mapping is configured and a host name is
configured for the local device.
This configuration is dynamic configuration. Therefore, the configured host
name symbolic-name is advertised through an LSP to other IS-IS devices in
the same area. When you use IS-IS display commands to view IS-IS
information on other IS-IS devices, the system ID of the local device is
replaced by the configured host name.
● Run is-name map system-id symbolic-name
IS-IS static host name mapping is configured and a host name is configured
for the remote device.
This configuration is static configuration and takes effect only on the local
device. Therefore, the configured host name symbolic-name is not advertised
through an LSP.
----End
8.16.3 Configuring the Output of IS-IS Adjacency Status
Context
On an IS-IS network, neighbor flapping will result in network instability and
frequent network convergence. This will consume lots of memory and may even
cause user traffic loss. Therefore, neighbor flapping needs to be rapidly located
and solved.
To rapidly locate problems in the case of neighbor flapping, enable the output of
IS-IS adjacency changes to log these changes.
If the local terminal monitor is enabled and the output of the IS-IS adjacency
status is enabled, IS-IS adjacency changes will be output to the router until the
output of the adjacency status is disabled.
Procedure

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Step 3 Run log-peer-change [ topology ]

The output of the adjacency status is enabled.
By default, the output of IS-IS adjacency changes is disabled.
----End
8.17 Configuration Examples for IPv6 IS-IS
8.17.1 Example for Configuring Basic IPv6 IS-IS Functions

Networking Requirements
In Figure 8-1, the four switches on the IPv6 network need to communicate with
each other. SwitchA and SwitchB can only process a small amount of data.
Figure 8-1 Configuring basic IPv6 IS-IS functions
1. Configure IPv6 addresses on interfaces of each switch so that the switches can
be interconnected.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
2. Enable IS-IS on each switch so that the switches can be interconnected.

Configure SwitchA and SwitchB as Level-1 switches to enable them to
maintain less data.
Procedure
Step 1 Configure VLANs that interfaces belong to.
# Configure SwitchA. Ensure that the configurations of SwitchB, SwitchC, and
SwitchD are the same as the configuration of SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
Step 2 Enable the capability of IPv6 forwarding and configure IPv6 address for each
interface.
# Configure SwitchA. Ensure that the configurations of SwitchB, SwitchC, and
SwitchD are the same as the configuration of SwitchA.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address fc00:0:0:10::2/64
[SwitchA-Vlanif10] quit
Step 3 Configure IS-IS.

# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] ipv6 enable
[SwitchA-isis-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] isis ipv6 enable 1
[SwitchA-Vlanif10] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] ipv6 enable
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis ipv6 enable 1
[SwitchB-Vlanif20] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] ipv6 enable
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis ipv6 enable 1
[SwitchC-Vlanif10] quit

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
[SwitchC-Vlanif30] isis circuit-level level-2
# Configure SwitchD.
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] ipv6 enable
[SwitchD-isis-1] quit
[SwitchD] interface vlanif 30
[SwitchD-Vlanif30] isis ipv6 enable 1
[SwitchD-Vlanif30] quit
[SwitchD] interface vlanif40
[SwitchD-Vlanif40] isis ipv6 enable 1
[SwitchD-Vlanif40] quit
Step 4 Verify the configuration.

# Check the IS-IS routing table of SwitchA.
[SwitchA] display isis route
Route information for ISIS(1)

-----------------------------
ISIS(1) Level-1 Forwarding Table

--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags

-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL
IPV6 Dest. ExitInterface NextHop Cost Flags

-------------------------------------------------------------------------------
::/0 Vlanif10 FE80::244:1FF:FE41:5411 10 A/-/-
FC00:0:0:10::/64
Vlanif10 Direct 10 D/L/-
FC00:0:0:20::/64
Vlanif10 FE80::244:1FF:FE41:5411 20 A/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,

U-Up/Down Bit Set
# Check the IS-IS neighbors of SwitchC.

[SwitchC] display isis peer verbose
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI

-------------------------------------------------------------------------------
0000.0000.0001 Vlanif10 0000.0000.0001.01 Up 8s L1 64
MT IDs supported : 0(UP)

Local MT IDs :0
Area Address(es) : 10
Peer IPv6 Address(es): FE80::1234:FCFF:FEFC:199
Uptime : 00:02:08
Adj Protocol : IPV6
Restart Capable : YES
Suppressed Adj : NO
Peer System Id : 0000.0000.0001
0000.0000.0002 Vlanif20 0000.0000.0003.02 Up 24s L1 64

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Local MT IDs :0
Peer IPv6 Address(es): FE80::225:9EFF:FEFB:494A
Uptime : 00:02:09
Adj Protocol : IPV6
Suppressed Adj : NO
Peer System Id : 0000.0000.0002
0000.0000.0004 Vlanif30 0000.0000.0003.03 Up 27s L2 64

Local MT IDs :0
Peer IPv6 Address(es): FE80::244:1FF:FE41:5410
Uptime : 00:02:16
Adj Protocol : IPV6
Suppressed Adj : NO
Peer System Id : 0000.0000.0004
Total Peer(s): 3
# Check the IS-IS LSDB of SwitchC.

[SwitchC] display isis lsdb verbose
Database information for ISIS(1)

--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL

-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000005 0x3cb9 1009 86 0/0/0
SOURCE 0000.0000.0001.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 FC00:0:0:10::2
Topology Standard
NBR ID 0000.0000.0001.01 COST: 10
IPV6 FC00:0:0:10::/64 COST: 10
0000.0000.0001.01-00 0x00000001 0xd8f1 1009 55 0/0/0

SOURCE 0000.0000.0001.01
NLPID IPV6
NBR ID 0000.0000.0001.00 COST: 0
NBR ID 0000.0000.0003.00 COST: 0
0000.0000.0002.00-00 0x00000005 0x864b 1007 86 0/0/0

SOURCE 0000.0000.0002.00
NLPID IPV6
AREA ADDR 10
Topology Standard
NBR ID 0000.0000.0003.02 COST: 10
IPV6 FC00:0:0:20::/64 COST: 10
0000.0000.0003.00-00* 0x00000007 0xcf9b 1012 143 1/0/0

SOURCE 0000.0000.0003.00
NLPID IPV6
AREA ADDR 10
Topology Standard
NBR ID 0000.0000.0001.01 COST: 10
NBR ID 0000.0000.0003.02 COST: 10
IPV6 FC00:0:0:10::/64 COST: 10

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
IPV6 FC00:0:0:20::/64 COST: 10
0000.0000.0003.02-00* 0x00000001 0xc9fa 1009 55 0/0/0

SOURCE 0000.0000.0003.02
NLPID IPV6
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0002.00 COST: 0
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL

-------------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000006 0x8ff6 1014 146 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV6
AREA ADDR 10
Topology Standard
NBR ID 0000.0000.0003.03 COST: 10
IPV6 FC00:0:0:10::/64 COST: 10
IPV6 FC00:0:0:20::/64 COST: 10
IPV6 FC00:0:0:30::/64 COST: 10
0000.0000.0003.03-00* 0x00000001 0xfac6 1012 55 0/0/0

SOURCE 0000.0000.0003.03
NLPID IPV6
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0004.00 COST: 0
0000.0000.0004.00-00 0x00000005 0x5943 1009 86 0/0/0

SOURCE 0000.0000.0004.00
NLPID IPV6
AREA ADDR 20
Topology Standard
NBR ID 0000.0000.0003.03 COST: 10
IPV6 FC00:0:0:30::/64 COST: 10
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
ipv6
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology standard
#
#

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
interface Vlanif10
ipv6 enable
ipv6 address FC00:0:0:10::2/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
● SwitchB configuration file
#
sysname SwitchB
#
ipv6
#
vlan batch 20
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
#
#
interface Vlanif20
ipv6 enable
isis ipv6 enable 1
#
#
return
● SwitchC configuration file
#
sysname SwitchC
#
ipv6
#
vlan batch 10 20 30
#
isis 1
network-entity 10.0000.0000.0003.00
#
#
#
interface Vlanif10
ipv6 enable
isis ipv6 enable 1
#
interface Vlanif20
ipv6 enable
isis ipv6 enable 1
#
interface Vlanif30
ipv6 enable
isis ipv6 enable 1
isis circuit-level level-2
#

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
#
#
#
return
● SwitchD configuration file

#
sysname SwitchD
#
ipv6
#
vlan batch 30 40
#
isis 1
is-level level-2
network-entity 20.0000.0000.0004.00
#
#
#
interface Vlanif30
ipv6 enable
isis ipv6 enable 1
#
interface Vlanif40
ipv6 enable
isis ipv6 enable 1
#
#
#
return
8.17.2 Example for Configuring Dynamic BFD for IPv6 IS-IS

Networking Requirements
In Figure 8-2, IS-IS is run among SwitchA, SwitchB, and SwitchC. Service traffic is
forwarded along the primary link SwitchA→SwitchB. The link
SwitchA→SwitchC→SwitchB is used as a backup. Customers require that a fault on
the primary link be detected in milliseconds so that service traffic can be fast
switched to the backup link if the primary link fails.
NOTE
In this scenario, ensure that all connected interfaces have STP disabled. If STP is enabled
and VLANIF interfaces of switches are used to construct a Layer 3 ring network, an
interface on the network will be blocked. As a result, Layer 3 services on the network
cannot run normally.

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Figure 8-2 Networking diagram for configuring dynamic BFD for IPv6 IS-IS
1. Configure basic IS-IS IPv6 functions on each switch.
2. Set link cost values for IS-IS interfaces on each switch to make the path
SwitchA→SwitchB become the primary and the path
SwitchA→SwitchC→SwitchB become the backup.
3. Enable BFD globally on each switch to detect faults on the primary link in
milliseconds.
4. Enable IPv6 BFD for IS-IS in the IS-IS view on each switch so that service
traffic can be fast switched to the backup link when the primary link fails.
Procedure
Step 1 Enable the IPv6 forwarding capability and configure IPv6 addresses for interfaces.
# Configure SwitchA. Ensure that the configurations of SwitchB and SwitchC are
the same as the configuration of SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] ipv6
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] undo portswitch
[SwitchA-GigabitEthernet0/0/1] ipv6 enable
[SwitchA-GigabitEthernet0/0/1] ipv6 address FC00:3::1 64
[SwitchA-GigabitEthernet0/0/2] undo portswitch
[SwitchA-GigabitEthernet0/0/2] ipv6 enable
[SwitchA-GigabitEthernet0/0/2] ipv6 address FC00:1::1 64
Step 2 Configure basic IS-IS IPv6 functions.

[SwitchA] isis 10
[SwitchA-isis-10] is-level level-2
[SwitchA-isis-10] network-entity 10.0000.0000.0001.00
[SwitchA-isis-10] ipv6 enable

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

[SwitchA-GigabitEthernet0/0/1] isis ipv6 enable 10
[SwitchA-GigabitEthernet0/0/2] isis ipv6 enable 10
[SwitchB] isis 10
[SwitchB-isis-10] is-level level-2
[SwitchB-isis-10] network-entity 10.0000.0000.0003.00
[SwitchB-isis-10] ipv6 enable
[SwitchB] interface GigabitEthernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] isis ipv6 enable 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchC] isis 10
[SwitchC-isis-10] is-level level-2
[SwitchC-isis-10] network-entity 10.0000.0000.0002.00
[SwitchC-isis-10] ipv6 enable
[SwitchC] interface GigabitEthernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] isis ipv6 enable 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC-GigabitEthernet0/0/2] isis ipv6 enable 10
# After the configurations are complete, run the display ipv6 routing-table
command. You can view that the switches have learnt IPv6 routes from each other.
Step 3 Set link cost values for IS-IS interfaces.
[SwitchA-GigabitEthernet0/0/1] isis cost 1 level-2
[SwitchA-GigabitEthernet0/0/2] isis cost 10 level-2
[SwitchB-GigabitEthernet0/0/1] isis cost 1 level-2
[SwitchC-GigabitEthernet0/0/1] isis cost 10 level-2

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches

[SwitchC-GigabitEthernet0/0/2] isis cost 10 level-2
Step 4 Configure IPv6 BFD for IS-IS.

# Enable IPv6 BFD for IS-IS globally on SwitchA, SwitchB, and SwitchC, and set the
minimum intervals for sending and receiving BFD packets to 150 milliseconds.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] isis 10
[SwitchA-isis-10] ipv6 bfd all-interfaces enable
[SwitchA-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] isis 10
[SwitchB-isis-10] ipv6 bfd all-interfaces enable
[SwitchB-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
[SwitchC] bfd
[SwitchC-bfd] quit
[SwitchC] isis 10
[SwitchC-isis-10] ipv6 bfd all-interfaces enable
[SwitchC-isis-10] ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
# After the configurations are complete, run the display isis ipv6 bfd session all
command on SwitchA or SwitchB. You can view that IPv6 BFD parameters already
take effect. Take the display on SwitchA as an example:
[SwitchA] display isis ipv6 bfd session all
IPv6 BFD session information for ISIS(10)

-----------------------------------------
Peer System ID : 0000.0000.0003 Type : L2

Interface : GE0/0/1
IPv6 BFD State : up TX : 150 RX : 150 Multiplier : 3
LocDis : 8198 Local IPv6 Address : FE80::200:13FF:FE82:4569
RemDis : 8199 Peer IPv6 Address : FE80::201:FF:FE01:1
Diag : No diagnostic information

Interface : GE0/0/2
RemDis : 8199 Peer IPv6 Address : FE80::225:9EFF:FEFB:BFF1
Total IPv6 BFD session(s): 2
Step 5 Verify the configuration.

# On SwitchA, run the display ipv6 routing-table FC00:4::1 64 command to view
the IPv6 routing table. You can view that the next hop address of the route to
FC00:4::/64 is FE80::201:FF:FE01:1 and the outbound interface is GE0/0/1.
[SwitchA] display ipv6 routing-table FC00:4::1 64
Routing Table :Public

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Summary Count : 1
Destination : FC00:4:: PrefixLength : 64

NextHop : FE80::201:FF:FE01:1 Preference : 15
Cost : 11 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet0/0/1 Flags :D
# Run the shutdown command on GE0/0/1 of SwitchB to simulate a primary link

fault.
[SwitchB-GigabitEthernet0/0/1] shutdown
# On SwitchA, run the display ipv6 routing-table FC00:4::1 64 command to view

the IPv6 routing table.
[SwitchA] display ipv6 routing-table FC00:4::1 64
Routing Table :Public
Summary Count : 1
Destination : FC00:4:: PrefixLength : 64

NextHop : FE80::225:9EFF:FEFB:BFF1 Preference : 15
Cost : 30 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet0/0/2 Flags :D
In the IPv6 routing table, you can view that the backup link transmits traffic after
the primary link fails, the next hop address of the route to FC00:4::/64 becomes
FE80::225:9EFF:FEFB:BFF1, and the outbound interface becomes GE0/0/2.
# Run the display isis ipv6 bfd session all command on SwitchA, and you can
view that only one BFD session is established between SwitchA and SwitchC and
its status is Up.
[SwitchA] display isis ipv6 bfd session all
IPv6 BFD session information for ISIS(10)

-----------------------------------------

Interface : GE0/0/2
RemDis : 8199 Peer IPv6 Address : FE80::225:9EFF:FEFB:BFF1
Total IPv6 BFD session(s): 1
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
ipv6
#
bfd
#
isis 10
is-level level-2
network-entity 10.0000.0000.0001.00

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
#
ipv6 bfd all-interfaces enable
ipv6 bfd all-interfaces min-tx-interval 150 min-rx-interval 150
#
#
undo portswitch
ipv6 enable
ipv6 address FC00:3::1/64
isis ipv6 enable 10
isis cost 1 level-2
#
undo portswitch
ipv6 enable
isis ipv6 enable 10
isis cost 10 level-2
#
return
● SwitchB configuration file
#
sysname SwitchB
#
ipv6
#
bfd
#
isis 10
is-level level-2
network-entity 10.0000.0000.0003.00
#
#
#
undo portswitch
ipv6 enable
isis ipv6 enable 10
isis cost 1 level-2
#
undo portswitch
ipv6 enable
isis ipv6 enable 10
#
undo portswitch
ipv6 enable
isis ipv6 enable 10
#
return
● SwitchC configuration file
#
sysname SwitchC
#
ipv6
#
bfd
#

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
isis 10
is-level level-2
network-entity 10.0000.0000.0002.00
#
#
#
undo portswitch
ipv6 enable
isis ipv6 enable 10
#
undo portswitch
ipv6 enable
isis ipv6 enable 10
#
return

01-08 IPv6 Is-Is Configuration

Uploaded by

Copyright:

Available Formats

You might also like

01-08 IPv6 Is-Is Configuration

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-08 IPv6 Is-Is Configuration

Uploaded by

Copyright:

Available Formats

S300, S500, S2700, S5700, and S6700 Series

8 IPv6 IS-IS Configuration

8.1 Overview of IS-IS

8.1 Overview of IS-IS

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 613

In addition to IPv4 networks, IS-IS also applies to IPv6 networks to provide

8.2 Understanding IPv6 IS-IS

8.2.1 IPv6 IS-IS

8.3 Summary of IPv6 IS-IS Configuration Tasks

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 614

Table 8-1 IS-IS configuration tasks

Configuring basic IPv6 To deploy the IS-IS 8.6 Configuring Basic

Configuring IPv6 IS-IS On IS-IS networks, 8.7 Improving IPv6 IS-IS

Configuring IPv6 IS-IS If multiple redundant 8.8 Controlling IPv6 IS-

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 615

Scenario Description Task

Configuring IPv6 IS-IS In practical applications, 8.9 Controlling IPv6 IS-

Configuring IPv6 IS-IS Route aggregation 8.10 Configuring IPv6

Configuring IPv6 IS-IS To enable IS-IS to rapidly 8.11 Controlling IPv6

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 616

Scenario Description Task

Configuring LSP When information 8.12 Configuring LSP

Configuring mesh groups On the NBMA network, 8.13 Configuring a

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 617

Scenario Description Task

Configuring IPv6 IS-IS If the system cannot 8.15 Configuring the

8.4 Licensing Requirements and Limitations for IPv6 IS-

Feature Support in V200R020C10

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 618

8.5 Default Settings for IPv6 IS-IS

Table 8-2 Default settings for IPv6 IS-IS

Parameter Default Setting

Device level Level-1-2

Interval for sending Hello packets 10s

Minimum interval for sending LSPs 50 ms

Maximum number of LSPs to be sent 10

Interval for updating LSPs 900s

Maximum lifetime of LSPs 1200s

Bandwidth reference value 100 Mbit/s

8.6 Configuring Basic IPv6 IS-IS Functions

● Enable the IPv6 forwarding capability on the device.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 619

4. Establish an IS-IS neighbor relationship.

8.6.1 Creating an IS-IS Process

8.6.2 Configuring a NET and Enabling IPv6 IS-IS

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 620

The system view is displayed.

Step 2 Run isis [ process-id ]

The IS-IS process view is displayed.

Step 3 Run network-entity net

Configuring NETs based on loopback interface addresses is recommended to ensures that a

Step 4 Run ipv6 enable

IPv6 is enabled for the IS-IS process.

8.6.3 Configuring a Device Level

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 621

8.6.4 Establishing an IS-IS Neighbor Relationship

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 622

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI,