Guest

IP Routing

Using IS-IS ATT-Bit Control Feature

Table Of Contents

Application Note

Introduction

Overview

Issue

Command Syntax

Benefit

Feature Usage Examples

Example 1

Example 2

Software

Reference


Application Note


Using the IS-IS Attach-Bit
Control Feature

Introduction

In Intermediate System-to-Intermediate System (IS-IS) networks, routing inter-area traffic from Layer 1 areas is accomplished by sending the traffic to the nearest Layer 1/Layer 2 router. A Layer 1/Layer 2 router identifies itself by setting an attach-bit (ATT-bit) in its Layer 1 link-state packet (LSP). In some situations, however, it might not be desirable to set the ATT-bit. For example, if there are multiple Layer 1/Layer 2 routers within a Layer 1 area and one of the Layer 1/Layer 2 routers loses its backbone connection, continuing to send inter-area traffic to this Layer 1/Layer 2 router can cause the traffic to be dropped. Cisco IOS® Software now introduces a new capability to allow network administrators to control when a Layer 1/Layer 2 router should set the ATT bit and avert dropped traffic.

Overview

In networks running hierarchical routing protocols—IS-IS or Open Shortest Path First (OSPF) Protocol, for example—it is beneficial, for redundancy purposes, to have multiple paths reach the backbone area from a local area. If one of the paths is lost to the backbone area, the other path can continue to be used for forwarding inter-area traffic. With IS-IS, routing the inter-area traffic is accomplished by sending the traffic to the closest Layer 1/Layer 2 router. Layer 1/Layer 2 routers identify themselves by setting the ATT-bit in their Layer 1 LSPs. Upon receiving an LSP with the ATT-bit set, a Layer 1 router knows that the LSP originator is a Layer 1/Layer 2 router that can be used to route inter-area traffic. When there are multiple Layer 1/Layer 2 routers in one local area, the Layer 1 routers within that local area forward inter-area traffic to the nearest Layer 1/Layer 2 router (Figure 1).

In Figure 1, the network element (NE) devices in Area 1 are acting as Layer 1 routers. They use either Rtr1 or Rtr2 Layer 1/Layer 2 routers to forward the traffic destined to areas outside of their local area. Assume all the links have equal cost. NE1 would use Rtr1 because it is closer than Rtr2. On the other hand, NE3 would use Rtr2. NE2 would perform load balancing to Rtr1 and Rtr2 because they are equidistant to NE2.

Figure 1

Sample Connectionless Network Service (CLNS) Network Topology

Issue

With the introduction of the multi-area support feature, Layer 1/Layer 2 routers can connect to multiple Layer 1 areas. This has effectively reduced the number of Layer 1/Layer 2 routers needed because multiple Layer 1 areas can share one Layer 1/Layer 2 router. On the other hand, it can complicate networks. In earlier Cisco IOS Software implementations, a Layer 1/Layer 2 router would set the ATT-bit in its Layer 1 LSP if it connects to multiple Layer 1 areas. Thus, if the backbone connection is lost, the Layer 1/Layer 2 router would still set the ATT-bit in the Layer 1 LSP. Consequently, the Layer 1 devices associated with that Layer 1/Layer 2 router would continue sending inter-area traffic to the Layer 1/Layer 2 router and cause the traffic to be dropped. For example, in Figure 1, Rtr1 has connections to two Layer 1 areas in addition to the backbone area. If the connection between Rtr1 and its upstream router were lost, Rtr1 would still set the ATT-bit in its LSP. Consequently, NE1 would still send inter-area traffic to Rtr1. However, because Rtr1 has lost its connection to the L2 area, it uses Rtr2 to route inter-area traffic. This causes the traffic to be sent back to NE1. Thus, a routing loop—an undesirable situation—is formed.

To address this problem, Cisco IOS Software implements a new capability to allow users to have greater control of setting the ATT-bit. Instead of setting the ATT-bit whenever seeing other areas, a Cisco router can now set the ATT-bit based on the criteria specified in a route map. Users can use the "match" command associated with a route map to match a Connectionless Network Service (CLNS) area address. When the specified area address is not found in the CLNS routing table, the "match" condition fails, the route map is said to "not be satisfied," and the ATT-bit will not be set. A complete configuration example will be discussed in the "Feature Usage Examples" section.

Command Syntax

This new command is configured under "router isis <name>". It enables the ATT-bit control capability.

router(config-router)#set-attach-bit route-map <map name>

Here is an example of a route map.

!
clns filter-set BB_Area_Address permit 39.0000
!
route-map <map name> permit 10
 match clns address BB_Area_Address
!

Benefit

This procedure provides more control over setting the ATT-bit to avert the dropping of packets.

Feature Usage Examples

Example 1

A lab example demonstrates how this new feature is used (Figure 2).

Figure 2

Sample CLNS Network Topology

In Figure 2, 72-R1 and 72-R2 are the Layer 1/Layer 2 boundary routers connecting to multiple Layer 1 areas—Area 1 and Area 2—as well as the backbone area. The area addresses are 39.0001, 39.0002, and 39.0000 for Area 1, Area 2, and the backbone area, respectively. Routers 72-R1 and 72-R2 have the ATT-bit set. To reach Router 75-R1 in the backbone area, 26-R1 uses the 72-R1 L1/L2 router because it is closer than 72-R2. Similarly, 26-R2 uses the 72-R2 L1/L2 router. Router 72-e can use either 72-R1 or 72-R2 because 72-e is equidistant to each. We can observe this by the following traceroute output.

(Note: The last two octets of the system ID of the routers in Figure 2 are meant to represent the router's name; that is, 72-R1 has "7201" as the last two octets in its system ID, and 72-R2 has "7202.")

 
2600-R1#traceroute 39.0000.0000.0000.7500.00

Type escape sequence to abort.
Tracing the route to 39.0000.0000.0000.7500.00
  1 39.0001.0000.0000.7201.00 0 msec ! 0 msec ! 0 msec !
  2 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !
2600-R1#


2600-R2#traceroute 39.0000.0000.0000.7500.00

Type escape sequence to abort.
Tracing the route to 39.0000.0000.0000.7500.00
  1 39.0001.0000.0000.7202.00 0 msec ! 0 msec ! 0 msec !
  2 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !

pf1-72e#traceroute 39.0000.0000.0000.7500.00

Type escape sequence to abort.
Tracing the route to 39.0000.0000.0000.7500.00
  1 39.0001.0000.0000.2602.00 0 msec !
      39.0001.0000.0000.2601.00 0 msec !
      39.0001.0000.0000.2602.00 0 msec !
  2 39.0001.0000.0000.7201.00 0 msec !
      39.0001.0000.0000.7202.00 0 msec !
      39.0001.0000.0000.7201.00 0 msec !
  3 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !

The ATT-bit setting can be observed by "show isis database" output.


72-R1#sh isis database

Area Area1:
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
2600-R1.00-00         0x0000007A   0x7861        1127              0/0/0
2600-R1.01-00         0x00000079   0x3DDC        412               0/0/0
2600-R1.02-00         0x00000079   0xD14B        782               0/0/0
2600-R2.00-00         0x0000007D   0x6DC7        855               0/0/0
72-R1.00-00         * 0x00000078   0xF855        888               1/0/0
72-R2.00-00           0x0000007C   0x6791        567               1/0/0
72-R2.01-00           0x00000005   0x0DE8        732               0/0/0
72-R2.02-00           0x00000077   0x01CC        597               0/0/0
pf1-72e.00-00         0x00000008   0x03CD        584               0/0/0
pf1-72e.02-00         0x00000006   0xF347        972               0/0/0
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x00000079   0x4B7D        883               0/0/0
72-R1.01-00         * 0x00000001   0xBBC6        883               0/0/0
72-R1.02-00         * 0x00000076   0x8A83        679               0/0/0
72-R2.00-00           0x00000079   0x4EB8        1049              0/0/0
72-R2.01-00           0x00000078   0xD236        1035              0/0/0
75-R1.00-00           0x000000A8   0xB91E        880               0/0/0

Area Area2:
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x00000075   0x4DCF        330               1/0/0
72-R1#

To trigger the issue discussed earlier, we will shut down the interface between 72-R1 and 75-R1, which simulates the loss of backbone connection. Because 72-R1 still sees two area addresses—39.0001 and 39.0002—it would still set the ATT-bit. We can observe this in the following show output.


72-R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
72-R1(config)#int e2/1
72-R1(config-if)#sh
72-R1(config-if)#shutdown 
72-R1(config-if)#
1d07h: %LINK-5-CHANGED: Interface Ethernet2/1, changed state to administratively down
1d07h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet2/1, changed state to down
72-R1(config-if)#end
72-R1#sh i
1d07h: %SYS-5-CONFIG_I: Configured from console by console 
72-R1#sh isis da
72-R1#sh isis database 72-R1.00-00

Area Area1:

IS-IS Level-1 LSP 72-R1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x00000079   0xC295        1174              1/0/0

IS-IS Level-2 LSP 72-R1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x0000007A   0xC210        1174              0/0/0

Area Area2:
IS-IS Level-1 LSP 72-R1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x00000076   0x4BD0        739               1/0/0
72-R1# 

Now use the traceroute command again from 26-R1 to 75-R1.


2600-R1#traceroute 39.0000.0000.0000.7500.00

Type escape sequence to abort.
Tracing the route to 39.0000.0000.0000.7500.00
  1 39.0001.0000.0000.7201.00 4 msec ! 0 msec ! 0 msec !
  2 39.0001.0000.0000.2601.00 0 msec ! 0 msec ! 0 msec !
  3 39.0001.0000.0000.7201.00 0 msec ! 0 msec ! 0 msec !
  4 39.0001.0000.0000.2601.00 0 msec ! 0 msec ! 0 msec !
  5 39.0001.0000.0000.7201.00 0 msec ! 0 msec ! 0 msec !
  6 39.0001.0000.0000.2601.00 0 msec ! 0 msec ! 0 msec !
  7 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !
  8 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !
  9 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !
 10 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !
 11 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !
 12 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !
 13 39.0001.0000.0000.7201.00 4 msec ! 4 msec ! 4 msec !
 14 39.0001.0000.0000.2601.00 4 msec ! 4 msec ! 4 msec !
 15 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 4 msec !
 16 39.0001.0000.0000.2601.00 4 msec ! 8 msec ! 4 msec !
 17 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !
 18 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !
 19 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !
 20 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !
 21 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !
 22 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !
 23 39.0001.0000.0000.7201.00 8 msec ! 8 msec ! 8 msec !
 24 39.0001.0000.0000.2601.00 8 msec ! 8 msec ! 8 msec !
 25 39.0001.0000.0000.7201.00 12 msec ! 12 msec ! 12 msec !
 26 39.0001.0000.0000.2601.00 12 msec ! 12 msec ! 12 msec !
 27 39.0001.0000.0000.7201.00 12 msec ! 12 msec ! 12 msec !
 28 39.0001.0000.0000.2601.00 12 msec ! 12 msec ! 12 msec !
 29 39.0001.0000.0000.7201.00 12 msec ! 12 msec ! 12 msec !
 30 39.0001.0000.0000.2601.00 12 msec ! 12 msec ! 12 msec !
2600-R1# 

The packets are looping between 26-R1 and 72-R1.

To address this issue, we will apply the ATT-bit control capability on 72-R1. We add the following configuration to 72-R1.

!
clns filter-set BB_Area_Address permit 39.0000
!
router isis Area1
 net 39.0001.0000.0000.7201.00
 set-attached-bit route-map Is_BB_Connection_Up
!
route-map Is_BB_Connection_Up permit 10
 match clns address BB_Area_Address
!

With the configuration above, 72-R1 sets the ATT-bit only if the "Is_BB_Connection_Up" route map is satisfied. The route map is satisfied only if the "39.0000" backbone area address is in the Layer 2 CLNS routing table. Because 72-R1 has lost the connection to the backbone area, it would not have the "39.0000" area address in its Layer 2 CLNS routing table. Thus, the route map is not satisfied, and 72-R1 should no longer set the ATT-bit. The following output shows the ATT-bit from 72-R1 is not set after applying the configuration above.


72-R1#sh isis database

Area Area1:
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
2600-R1.00-00         0x0000007B   0x7662        398               0/0/0
2600-R1.01-00         0x0000007C   0x37DF        1197              0/0/0
2600-R1.02-00         0x0000007B   0xCD4D        868               0/0/0
2600-R2.00-00         0x0000007F   0x69C9        769               0/0/0
72-R1.00-00         * 0x00000083   0xA6AF        1196              0/0/0
72-R1.01-00         * 0x00000004   0x09EF        1185              0/0/0
72-R2.00-00           0x0000007E   0x6393        611               1/0/0
72-R2.01-00           0x00000007   0x09EA        708               0/0/0
72-R2.02-00           0x00000079   0xFCCE        594               0/0/0
pf1-72e.00-00         0x0000000A   0xFECF        621               0/0/0
pf1-72e.02-00         0x00000008   0xEF49        926               0/0/0
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x0000007F   0xB815        1183              0/0/0
72-R1.01-00         * 0x00000007   0x700E        1184              0/0/0
72-R1.02-00         * 0x00000079   0x8486        1094              0/0/0
72-R2.00-00           0x0000007B   0x4ABA        1151              0/0/0
72-R2.01-00           0x0000007A   0xCE38        988               0/0/0
75-R1.00-00           0x000000AF   0xAB25        1142              0/0/0

Area Area2:
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
72-R1.00-00         * 0x00000001   0x365B        1099              1/0/0

We will repeat the traceroute from 26-R1.


2600-R1#traceroute 39.0000.0000.0000.7500.00

Type escape sequence to abort.
Tracing the route to 39.0000.0000.0000.7500.00
  1 39.0001.0000.0000.7205.00 0 msec ! 0 msec ! 0 msec !
  2 39.0001.0000.0000.2602.00 0 msec ! 0 msec ! 0 msec !
  3 39.0001.0000.0000.7202.00 0 msec ! 0 msec ! 0 msec !
  4 39.0000.0000.0000.7500.00 0 msec ! 0 msec ! 0 msec !

We see that the traffic now uses 72-R2 to reach the backbone 75-R1. The issue is resolved.

Example 2

The ATT-bit control feature can also be used in more complex networks. In this example, we will discuss how to use the ATT-bit control feature to deal with the failure of the backbone connection occurring on an upstream router of a Layer 1/Layer 2 router and not on the Layer 1/Layer 2 router itself (Figure 3).

Figure 3

CLNS Network with Multi-area Connecting to Backbone via A Layer 2 Router

The only direct connection from Rtr1 to the rest of backbone area is via the link between itself to Rtr2. When the link fails, Rtr1 loses the connection to the backbone. The two L1/L2 routers connecting to Rtr1 L2 in Area 1 and Area 2 still have the backbone area address, 39.0000. This is because they still have a Layer 2 adjacency to Rtr1 L2 and Rtr1 is part of the 39.0000 area. Thus, the two L1/L2 routers would still set the ATT-bit in the Layer 1 LSP to the local area. As a result, the inter-area traffic from each local area will still send to the two L1/L2 routers, then to Rtr1 L2, and finally drop by Rtr1 L2.

Thus, we cannot just use the 39.0000 area address to satisfy the route map because the Layer 1/Layer 2 routers will still have the 39.0000 area address in their routing tables. Instead, we can create another area address in the backbone area as a "beacon" area address and use it to satisfy the route map (Figure 4).

Figure 4

Using ATT-bit Control with Beacon Area To Avoid Potential Routing Blackhole

This beacon address should be set somewhere behind Rtr1 L2. The idea is that if L2 Rtr1 loses its connection to the backbone, the "beacon" area address is also lost. In turn, so would the two L1/L2 routers. With this setup, when L2 Rtr1 loses its backbone connection, the two L1/L2 routers will clear the ATT-bit. The inter-area traffic from each local area will then use the other L1/L2 router.

The configuration would look like this:


On Rtr2:
!
router isis Backbone_Area
 net 39.0000.xxxx.xxxx.xxxx.xx
 net 39.9999.xxxx.xxxx.xxxx.xx  ! Beacon area address
!

On the L1/L2 routers connecting to Rtr1
!
clns filter-set Beacon_Area_Address permit 39.9999
!
router isis Area1
 net 39.0001.xxxx.xxxx.xxxx.xx
 set-attached-bit route-map Is_BB_Connection_Up
!
route-map Is_BB_Connection_Up permit 10
 match clns address Beacon_Area_Address
!

Software

Cisco IOS Software Release 12.2(4)T

Reference

CSCdp64489