In an OSI network there are four significant architectural entities: hosts, areas, a backbone, and a domain. A domain is any portion of an OSI network that is under common administrative authority. Within any OSI domain, one or more areas can be defined. An area is a logical entity; it is formed by a set of contiguous routers and the data links that connect them. All routers in the same area exchange information about all of the hosts that they can reach.
The areas are connected to form a backbone. All routers on the backbone know how to reach all areas. The term end system (ES) refers to any nonrouting host or node; intermediate system (IS) refers to a router. These terms are the basis for the OSI End System-to-Intermediate System (ES-IS) and Intermediate System-to-Intermediate System (IS-IS) protocols, both of which are discussed later in this document.
In contrast, CONS does require a circuit to be established before transmitting data. While CLNS and CONS define the actual services provided to the OSI transport layer entities that operate immediately above the network layer, Connectionless Network Protocol (CLNP) and Connection-Oriented Network Protocol (CONP) name the protocols that these services use to convey data at the network layer. CLNP is the OSI equivalent of IP.
Knowledge of OSI network addressing is the next step toward an understanding of routing. OSI network addresses are variable-length entities designed to handle networks of virtually any type and size. OSI addressing encompasses two primary concepts: Network Service Access Points (NSAPs) and Network Entity Titles (NETs).
NSAPs specify usage points at which network-layer services can be acquired. If there are multiple network-layer service users (for example, OSI transport protocols Transport Protocol 3 [TP-3] and Transport Protocol 4 [TP-4]) in a particular ES, then that ES will have multiple NSAP addresses. In contrast, NETs specify network-layer entities or processes. NET entities represent the active agents that operate within the network layer to carry out assigned functions. CLNP is a network-layer entity and would therefore have an associated NET. NSAP and NET structure is very similar; in fact, in an ES, they typically differ only in the last byte, called the selector. The NSAP selector is used to distinguish between logical entities on the host (a transport entity in an ES or a network entity in an IS).
NSAPs are hierarchical addresses consisting of two parts: an initial domain part (IDP) and a domain-specific part (DSP). The IDP consists of authority and format identifier (AFI) and initial domain identifier (IDI) parts. The AFI provides information about the structure and content of the IDI and DSP fields, including whether the IDI is of variable length and whether the DSP uses decimal or binary notation. The IDI further specifies an entity that can assign values to the DSP portion of the address.
When used in an environment where the OSI IS-IS protocol is used for routing, the DSP specifies the area, the station ID within the area, and the selector (port) number. Figure 1 illustrates the NSAP address format for use with IS-IS routing.
Figure 1: NSAP Address Format for Use With IS-IS Routing
Routing within an area is called level 1 routing; routing between areas is called level 2 routing. An IS that can route only within areas is known as a level 1 IS. A level 1 IS needs to know only about the ESs and other level 1 ISs in its own level 1 area and about the nearest level 2 IS that it can use to forward traffic out of its own area. Figure 2 illustrates the level 1 view of the routing domain.
Figure 2: Level 1 View of the Routing Domain
An IS that can route between areas is called a level 2 IS. A level 2 IS must understand the topology of the areas in which it resides, other level 2 ISs in its routing domain, and how to reach all other level 1 areas. Figure 3 illustrates the level 2 view of the routing domain.
Figure 3: Level 2 View of the Routing Domain
In OSI networks, each ES lives in a particular area. An ES discovers an IS by listening to "hello" messages exchanged as part of the ES-IS protocol (explained in the next section). When an ES wants to send a packet to another ES, it sends the packet to any directly connected Level 1 IS in its area. The IS looks up the destination address and forwards the packet along the best route. If the destination address is an ES in another area, the Level 1 IS sends the packet to the nearest Level 2 IS. Forwarding through Level 2 ISs continues until the packet reaches a Level 2 IS in the destination area. Within the destination area, Level 1 ISs forward the packet along the best path of Level 1 ISs until the destination ES is reached. Figure 4 illustrates the CLNP routing process.
Figure 4: CLNP Routing
Network-layer and routing protocols are both involved in the routing process; these protocols are discussed in the next two sections.
ES-IS
ES-IS is the means through which an ES becomes acquainted with an IS. It is a very simple protocol that makes use of three types of messages: end-system hellos (ESHs), intermediate-system hellos (ISHs), and redirects. An ESH announces the presence of an ES. An ESH is sent by all ESs to a special data link-layer address that all ISs on that network segment listen to. An ISH announces the presence of an IS. An ISH is sent by all ISs to a special data link-layer address that all ESs on that segment listen to. Both ESHs and ISHs provide network-layer and data link-layer addresses for the source nodes. An IS sends a redirect to an ES to tell the ES that there is a more efficient path to the destination.
Figure 5 shows an instance in which a redirect message instructs ES1 to send a packet to IS2 instead of IS1. At time 1, ES1 sends a packet to IS1. IS1's optimal path information, compiled with the help of routing protocols, specifies that the packet should be forwarded out the same port as the one from which the packet was received. In this case, the best path is really through IS2, which is directly accessible to ES1. At time 2, after it has forwarded the original packet to IS2, IS1 sends a redirect message to ES1 telling it that IS2 is a better route for datagrams destined for ES2. At time 3, ES1 directs a new packet to IS2.
Figure 5: Redirect Message Example
Where an ES is connected to an IS via a point-to-point connection, ISHs and redirects are not necessary. The ES simply sends the IS periodic ESHs to let the IS know its network-layer address. The IS can then announce to the rest of the network that it can forward datagrams to that ES.
Where an ES is connected to a LAN, more complicated (but still relatively simple) operations are required. All ESs send ESHs, and all ISs send ISHs. ESHs allow ISs to identify all ESs on the LAN; ISHs allow ESs to identify all ISs on the LAN. ESs maintain two caches: an IS cache that contains data link-layer addresses for all ISs on the LAN and a destination cache that contains the network layer/data link-layer address mappings for all destination ESs.
When an ES needs to transmit to a destination ES, it first checks its destination cache. If the destination ES is listed in the cache, the source ES addresses and sends the packet accordingly. If the destination ES is not in the destination cache, the source ES looks in its IS cache. If the IS cache is not empty, the source ES selects an IS from the cache and addresses its packet to that IS. In other words, the ES sends the packet to any directly connected IS in its area. The IS may or may not be the first step along the optimal path to the destination. If the IS determines that the next hop is another IS on the ES's LAN, it forwards the packet to that IS and sends the ES a redirect message. If the IS determines that the destination ES is on the source ES's LAN, it forwards the packet to the destination ES and sends a redirect message to the source ES.
If the IS cache is empty and there is no appropriate entry in the destination cache, the ES sends the packet to a multicast address indicating all ESs. All ESs on the LAN receive the multicast and examine the network-layer address. If an ES sees a network-layer address matching its own, it accepts the packet and sends an ESH to the source ES. All ESs without a matching network-layer address discard the packet. Figure 6 shows a flowchart of ES-IS operations.
Figure 6: ES-IS Operations
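The transmit decision an ES makes on a LAN, together with the redirect sequence of Figure 5, as an added Python example (not part of the original document). The node names, the data link-layer address strings, and the choice of the first IS in the cache are constructed for illustration; cache ageing is not modelled.

```python
ALL_ES_MULTICAST = "all-ES-multicast"  # placeholder for the "all ESs" address


class EndSystem:
    """The two caches an ES keeps on a LAN and the lookup order it follows."""

    def __init__(self, name):
        self.name = name
        self.is_cache = {}    # IS name -> data link-layer address (from ISHs)
        self.dest_cache = {}  # destination ES -> data link-layer address

    def on_ish(self, is_name, dl_addr):
        # An ISH tells the ES that an IS exists and how to reach it.
        self.is_cache[is_name] = dl_addr

    def on_redirect(self, dest, better_dl_addr):
        # A redirect names a better first hop for one destination.
        self.dest_cache[dest] = better_dl_addr

    def on_esh(self, es_name, dl_addr):
        # An ESH sent in answer to a multicast packet reveals the
        # destination's own data link-layer address.
        self.dest_cache[es_name] = dl_addr

    def next_hop(self, dest):
        """Return (source of the decision, data link-layer address to use)."""
        if dest in self.dest_cache:
            return ("destination-cache", self.dest_cache[dest])
        if self.is_cache:
            # Any IS will do; it may not be on the optimal path, in which
            # case it forwards the packet and sends a redirect.
            first_is = next(iter(self.is_cache))
            return ("is-cache", self.is_cache[first_is])
        # Both caches are empty: multicast to all ESs on the LAN.
        return ("multicast", ALL_ES_MULTICAST)


def figure5_walkthrough():
    """Replay the Figure 5 sequence for ES1 sending to ES2."""
    es1 = EndSystem("ES1")
    steps = [es1.next_hop("ES2")]      # nothing heard yet: multicast
    es1.on_ish("IS1", "dl-IS1")
    es1.on_ish("IS2", "dl-IS2")
    steps.append(es1.next_hop("ES2"))  # time 1: packet goes to IS1
    es1.on_redirect("ES2", "dl-IS2")   # time 2: IS1 redirects ES1 to IS2
    steps.append(es1.next_hop("ES2"))  # time 3: new packet goes to IS2
    return steps


if __name__ == "__main__":
    for step in figure5_walkthrough():
        print(step)
```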
IS-IS
IS-IS is the standard intradomain routing (routing within a domain) protocol in the OSI protocol suite. It is a link state protocol, meaning that it calls for each IS to "meet" its neighbor ISs and proliferate information about the state of each neighbor link to all other ISs. Each IS stores these link state advertisements (LSAs) and can compute optimal routes to each ES from the complete topological knowledge they yield. IS-IS is a cost-based routing protocol. In other words, each IS that runs IS-IS must be configured with a cost for each attached link. LSAs include costs to allow straightforward calculation of optimal routes.
LSA distribution is a critical part of IS-IS operations. All ISs must receive LSAs from all other ISs, or topological information is not complete. LSAs are flooded to all IS ports except those on which the LSA was received. LSAs also include remaining lifetime and sequence number fields. ISs use these fields to help determine whether received LSAs might be duplicates, too old, or otherwise inappropriate. ISs send LSAs at regular intervals and when the following special events occur:
When a level 1 IS receives a packet, it examines the destination area address in the network-layer header. If this address matches the level 1 IS's area address, the IS routes based on the ID portion of the address. Otherwise, the IS forwards the packet to the closest level 2 IS. Within an area, a level 1 IS receiving a packet will look in its routing table to see if an entry exists for the destination ES. If an entry exists, the IS forwards the packet appropriately. If an entry does not exist, the packet is either dropped or forwarded to a default IS designated for such purposes.
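The NSAP layout used with IS-IS (area, station ID, selector) and the level 1 decision just described, as an added Python example that is not part of the original document. It assumes a 6-byte station ID and a 1-byte selector at the end of the address, with everything before them treated as the area address; the addresses, table contents and IS names are constructed.

```python
from dataclasses import dataclass

ID_LEN = 6     # assumption: 6-byte station ID, the usual IS-IS choice
SEL_LEN = 1    # the selector is the final byte
MAX_NSAP = 20  # an NSAP is at most 20 bytes long
MIN_NSAP = 1 + ID_LEN + SEL_LEN  # at least one area byte (the AFI)


@dataclass(frozen=True)
class Nsap:
    area: bytes     # AFI plus the remaining high-order bytes
    station: bytes  # station ID within the area
    selector: int   # distinguishes logical entities on the host

    @property
    def afi(self) -> int:
        return self.area[0]


def parse_nsap(text: str) -> Nsap:
    """Parse dotted-hex text such as 47.0004.004d.0003.0000.0c00.62e6.01."""
    try:
        raw = bytes.fromhex(text.replace(".", ""))
    except ValueError as exc:
        raise ValueError(f"not a hex NSAP: {text!r}") from exc
    if not MIN_NSAP <= len(raw) <= MAX_NSAP:
        raise ValueError(
            f"NSAP is {len(raw)} bytes, expected {MIN_NSAP}..{MAX_NSAP}")
    tail = ID_LEN + SEL_LEN
    return Nsap(raw[:-tail], raw[-tail:-SEL_LEN], raw[-1])


def level1_forward(my_net, dest, l1_table, nearest_l2, default_is=None):
    """Return (action, next hop) for one packet arriving at a level 1 IS.

    l1_table maps station IDs in this area to a next hop.
    """
    if dest.area != my_net.area:
        # Destination is in another area: hand off to the closest level 2 IS.
        return ("to-level-2", nearest_l2)
    hop = l1_table.get(dest.station)  # same area: route on the ID portion
    if hop is not None:
        return ("level-1", hop)
    if default_is is not None:
        return ("default", default_is)
    return ("drop", None)


if __name__ == "__main__":
    me = parse_nsap("47.0004.004d.0003.0000.0c00.1111.00")    # constructed
    dest = parse_nsap("47.0004.004d.0003.0000.0c00.62e6.01")  # constructed
    far = parse_nsap("47.0004.004d.0009.0000.0c00.9999.01")   # constructed
    table = {dest.station: "IS-B"}
    print(level1_forward(me, dest, table, "IS-L2"))
    print(level1_forward(me, far, table, "IS-L2"))
```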
Integrated IS-IS
Integrated IS-IS is an implementation of the IS-IS protocol for routing multiple network protocols. Today, Integrated IS-IS standards exist that support CLNP and IP protocols.
Like all integrated routing protocols, Integrated IS-IS calls for all routers to run a single routing algorithm. LSAs sent by routers running Integrated IS-IS include all destinations running either IP or CLNP network-layer protocols. Protocols such as the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP) for IP and the ES-IS protocol for CLNP still must be supported by routers running Integrated IS-IS.
Standard IS-IS packets must be modified to support multiple network-layer protocols. IS-IS packet formats were designed to support the addition of new fields without a loss of compatibility with nonintegrated versions of IS-IS. The fields that are added to IS-IS to support integrated routing:
Interdomain Routing
Interdomain routing (routing between domains) is philosophically different from intradomain routing; hence the separation of these protocols into a new category. The primary philosophical difference is that intradomain routing typically assumes a trusted environment in which constant communication within a single organization occurs. By contrast, interdomain routing often occurs between different organizations that want distinct and essential controls over information sent and received. Communication often is not as frequent and typically is subjected to additional scrutiny.
The simplest type of interdomain routing is static routing. In static routing systems, routes between domains are manually established and deestablished. Because it involves much more administrative overhead than dynamic routing, static routing is most often used when very few routes must be maintained.
Integrated IS-IS extensions for IP as defined in RFC 1195 also are supported. Users can perform CLNP routing over Ethernet, Fiber Distributed Data Interface (FDDI), Token Ring, and serial line networks. Cisco's OSI implementation is also compliant with the United States Government Open Systems Interconnection Profile (US-GOSIP) Version 2 specification, and Cisco is the first router vendor to be certified and registered with the National Institute of Standards and Technology (NIST).
Interoperability
The ability of protocol implementations to work with other implementations of the same protocol (often called interoperability) is a critical feature of any OSI implementation. Cisco's OSI implementation is highly interoperable, having been proven so in OSI interoperability demonstrations with AT&T, Data General, DEC, Frontier Technologies, HP, IBM, Intel, NCR, Novell, OSIWare, Spider, Sun, Tandem, Touch, Unisys, and Wollongong. Cisco routers are able to interoperate with equipment from each of these vendors, a fact that is particularly noteworthy in the case of AT&T, which many people believe has the largest installed base of CLNP end systems. Cisco also participated successfully in a European pilot demonstration of CLNP-protocol-based inter-domain routing (see Figure 7).
Figure 7: European CLNP Pilot
As networks grow larger, administrative control of network access becomes increasingly important. Such control is particularly important in OSI networks, which were designed to provide a rich feature set in support of large, heterogeneous networks. Cisco provides many features designed to enhance administrative control of OSI networks. These features are described in the next two sections.
Route Redistribution
Cisco routers support information sharing between multiple routing protocols and between multiple instances of the same routing protocol. Such sharing is known as route redistribution and is supported among all of Cisco's routing protocols. Route redistribution ensures that routing can occur in networks that run multiple routing protocols.
Over time, Cisco has enhanced its route redistribution support to improve administrative control over methods by which routing information moves between routing domains. To ease configuration of route redistribution, Cisco created route maps. A route map is a set of instructions that tell the router how routing information is to be redistributed between two routing protocols or between two instances of the same routing protocol.
Route maps contain an ordered list of match conditions. Each item in the list is matched in turn against any route that is a candidate for redistribution. When a match is found, an item performs an action associated with that match. The route can be permitted (redistributed) or not permitted (not redistributed), but the action also can mandate the use of certain administrative information (called route tags) that can be attached to routing data to augment routing decisions. Route maps also can mandate the use of certain route metrics or route types and even can modify the route's destination in outgoing advertisements. Where different networks share similar redistribution needs, network administrators can conserve memory and save time by using the same route map for more than one protocol pair.
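How an ordered route map decides the fate of each candidate route, as an added Python model (not Cisco configuration syntax and not part of the original document). The route fields, the tag values and the policy are constructed, and treating a route that matches no entry as not redistributed is an assumption of the model.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional


@dataclass(frozen=True)
class Route:
    prefix: str                # destination NSAP prefix as hex digits
    metric: int
    tag: Optional[int] = None  # administrative route tag, if any


@dataclass(frozen=True)
class Entry:
    permit: bool                       # True: redistribute, False: do not
    match: Callable[[Route], bool]     # match condition for this entry
    set_tag: Optional[int] = None      # tag to attach on redistribution
    set_metric: Optional[int] = None   # metric to use on redistribution


def redistribute(route_map, routes):
    """Apply the entries in order; the first entry that matches decides."""
    out = []
    for route in routes:
        for entry in route_map:
            if not entry.match(route):
                continue
            if entry.permit:
                out.append(replace(
                    route,
                    tag=route.tag if entry.set_tag is None else entry.set_tag,
                    metric=(route.metric if entry.set_metric is None
                            else entry.set_metric)))
            break
        # No entry matched: the route is not redistributed (model assumption).
    return out


# Constructed policy: refuse routes already carrying tag 100, then permit
# everything under prefix 47.0005 with a fixed metric and a new tag.
ROUTE_MAP = [
    Entry(False, lambda r: r.tag == 100),
    Entry(True, lambda r: r.prefix.startswith("470005"),
          set_tag=200, set_metric=20),
]

SAMPLE_ROUTES = [  # constructed candidate routes
    Route("47000580fff8", 10),
    Route("47000580fff9", 10, tag=100),
    Route("39840f", 5),
]

if __name__ == "__main__":
    for r in redistribute(ROUTE_MAP, SAMPLE_ROUTES):
        print(r)
```

Swapping the two entries would let the tagged route through, because the broad permit would match first; entry order is part of the policy.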
Route maps give network managers unprecedented control over the ways that routing information is propagated in their networks. Redistribution configuration files that use route maps are easy to create, understand, and modify. Using route maps, Cisco users are able to build larger, more robust, reliable networks, with better traffic control than ever before.
OSI Filtering
Cisco offers advanced filtering features that provide additional administrative control of traffic flow in an OSI network. There are four components to a Cisco OSI filter:
Address templates are applied to NSAP addresses to provide flexible filtering based on all or a portion of the address. The simplest template is an address itself. Wildcard notation can be used in an address template to denote a match with anything. Address prefix and suffix matching is also possible. These features are particularly useful with NSAP's variable-length addresses. Both bit- and byte-level matching is also possible.
Because NSAP addresses can be relatively lengthy, address templates sometimes can become unwieldy. In these cases, address templates can be assigned names called template aliases. Template aliases allow repetitive use of address templates without concern for user typing mistakes and other problems. Aliases are more meaningful to human administrators than alphanumeric NSAP addresses are, so it is easier to look at a template alias and know what it denotes. Finally, when an address changes, administrators can simply modify the template alias.
A filter set is a named collection of address templates with associated permit/deny indications. Filter expressions are Boolean combinations of filter sets, other filter expressions, and certain logical operators (AND, OR, XOR, and NOT). Filter expressions allow filtering combinations not possible with simple filter sets. Further, they permit matches on source address. Filter sets and filter expressions can be applied to inbound or outbound CLNP datagrams, IS-IS adjacencies (IS-IS routers that are on the same network segment), ISO-IGRP adjacencies (ISO-IGRP routers that are on the same segment), ES-IS adjacencies (ESs and ISs that are on the same segment), and route redistribution. Together, they provide an extensive set of OSI filtering capabilities designed to ease network administration while saving time and reducing the possibility of configuration errors.
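Address templates, template aliases, filter sets and filter expressions modelled together, as an added Python example (not Cisco's command syntax and not part of the original document). The template notation is an assumption of this model: `*` matches any one hex digit, a trailing `...` makes a prefix match and a leading `...` a suffix match; first-match-wins ordering and deny-on-no-match are also assumptions, and all addresses are constructed.

```python
import re


def compile_template(tmpl, aliases=None):
    """Turn a template (or an alias naming one) into a compiled pattern."""
    tmpl = (aliases or {}).get(tmpl, tmpl)
    is_prefix = tmpl.endswith("...")
    is_suffix = tmpl.startswith("...")
    core = tmpl.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f*]+", core):
        raise ValueError(f"bad address template: {tmpl!r}")
    body = core.replace("*", "[0-9a-f]")
    return re.compile((".*" if is_suffix else "") + body
                      + (".*" if is_prefix else ""))


class FilterSet:
    """Ordered (permit, template) entries; the first matching entry decides."""

    def __init__(self, entries, aliases=None):
        self.rules = [(permit, compile_template(t, aliases))
                      for permit, t in entries]

    def permits(self, nsap):
        digits = nsap.replace(".", "").lower()
        for permit, pattern in self.rules:
            if pattern.fullmatch(digits):
                return permit
        return False  # model assumption: no matching template means deny


def evaluate(expr, sets, src, dst):
    """Evaluate a filter expression given as nested tuples.

    Leaves are ("src", set_name) or ("dst", set_name); operators are
    "not", "and", "or" and "xor".
    """
    op = expr[0]
    if op in ("src", "dst"):
        return sets[expr[1]].permits(src if op == "src" else dst)
    if op == "not":
        return not evaluate(expr[1], sets, src, dst)
    a = evaluate(expr[1], sets, src, dst)
    b = evaluate(expr[2], sets, src, dst)
    return {"and": a and b, "or": a or b, "xor": a != b}[op]


ALIASES = {"MGMT-AREA": "47.0005.80ff.f8**..."}  # constructed alias
SETS = {
    # One host is denied before the broad permit for its area.
    "MGMT": FilterSet([(False, "47.0005.80ff.f800.0000.0c00.dead.00"),
                       (True, "MGMT-AREA")], ALIASES),
    "SERVERS": FilterSet([(True, "47.0005.80ff.f900...")]),
    "NETS": FilterSet([(True, "...00")]),  # suffix match on selector 00
}
MGMT_TO_SERVERS = ("and", ("src", "MGMT"), ("dst", "SERVERS"))

if __name__ == "__main__":
    print(evaluate(MGMT_TO_SERVERS, SETS,
                   "47.0005.80ff.f800.0000.0c00.1234.00",
                   "47.0005.80ff.f900.0000.0c00.5678.00"))
```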
Integrated and Interdomain Routing
In addition to Cisco's support of Integrated IS-IS, its standard IS-IS implementation still can run simultaneously in the same router with other routing protocols. For example, users can use IS-IS to route CLNP and Enhanced IGRP to route IP. Both routing processes (IS-IS and Enhanced IGRP) operate autonomously in any router. This approach, which is often called ships-in-the-night routing, creates multiple logical routers within a single physical router. Physical routers analyze all incoming datagrams, identify the indicated network-layer protocol in each, and assign the packet to the appropriate logical router for processing.
In addition to Integrated IS-IS, Cisco continues to offer its ISO-IGRP implementation. ISO-IGRP is another integrated routing protocol that accomplishes the same purpose as Integrated IS-IS. The primary difference between the two is that ISO-IGRP is a distance-vector protocol, whereas Integrated IS-IS is a link-state protocol.
ISO-IGRP also gave Cisco the distinction of being the first company to offer dynamic interdomain routing for CLNP. An ISO-IGRP network can connect two or more IS-IS domains. Route redistribution ensures that IS-IS routes can pass through the "foreign" environment without information loss. Static routes provide users with yet another way to effect inter-domain routing in CLNP environments.
Other Features
To provide monitoring and troubleshooting capability, the Cisco CLNP implementation supports both ping and trace commands. Ping commands are used to test the reachability of remote nodes. Trace commands allow an administrator to discover the path a packet takes when it traverses the network. In addition to these helpful and often-used commands, the show and debug commands display such information as the contents of the routing cache, lists of ES and IS neighbors, traffic statistics, and significant CLNP event occurrences. These capabilities constitute the industry's most robust set of CLNP monitoring and diagnostic features and, for the user, they translate into less time spent debugging network problems.
Routing paths through a network can be of equal cost. This is particularly common in the case of serial interfaces, because the speed of the lines is often the same. Rather than simply using one of two paths and subjecting traffic on that line to possible delay, Cisco supports per-packet load sharing between equal-cost paths. In other words, packets can be multiplexed in a round-robin fashion on up to four equal-cost paths. This technique provides better response through superior bandwidth utilization.
X.500 is the OSI name service protocol. Since X.500 implementations are not yet commonplace, Cisco offers system administrators a static name-to-address translation capability. This feature allows administrators to use convenient names rather than 20-byte NSAP addresses in all router commands. Administrators provide the router with name/NSAP address pairs, which are used for name-to-address translation.
Domain Name System (DNS) support for NSAP addresses, as defined in RFC 1348, is currently in transition. Cisco is tracking the transition and will support the standard that emerges. When the standard is complete, administrators will simply load the name-to-NSAP mapping into a DNS database. Thereafter, when a name that is not in the NSAP name database is encountered, a DNS lookup is executed automatically.
X.25 Switching
Cisco's support of ISO 8208 (CONS) provides the ability to extend X.25 switching to different media, such as Ethernet, Token Ring, and FDDI. CONS specifies the implementation of packet-level X.25 over the Logical Link Control 2 (LLC2) connection-oriented data link service on LAN media. LAN-based OSI nodes can be connected both to one another and to remote OSI-based DTE devices via X.25 public data networks (PDNs) or point-to-point lines. Figure 8 shows examples of each of these Cisco CONS configurations.
Figure 8: Example Cisco CONS Configurations