The first step of this workshop lab will set up the routing protocols to let us talk to our upstream Transit provider. We need to configure IS-IS so that our routers in our AS can see each other first. Once this is in place we can then set up iBGP so that we can distribute our customer prefixes and prefixes learned from the Internet across our autonomous system.
Each team will need to configure IS-IS between the four routers in their AS. The Core router should be straightforward to configure. It has one loopback interface, one interface connecting to the Peering router, one interface connecting to the Access router, and one interface connecting to the Border router in the autonomous system. Even though we are using Ethernet to connect the routers, these are only point-to-point links and IS-IS should be configured as such.
For the Peering, Access and Border routers, IS-IS should only be activated on the internal interface, with the loopback marked as passive. Note that we do not configure IS-IS on the interface pointing outside our network, nor do we mark it as passive, as we will be using next-hop-self for our iBGP sessions.
Note 1: Your Customer router is not in your AS (remember what the definition of an autonomous system is?), so do not configure IS-IS between your Access router and your customer!
Note 2: Your server appliance (SRV) will not be talking IS-IS with your network, so do not configure IS-IS between it and your Core router!
The following sections step through building up the IS-IS configuration on the Core router. Other team members should work through the same steps for the Border, Peering and Access routers.
We now create the basic IS-IS process.
Recall from the IS-IS presentation that there were two suggested ways of configuring a NET address. We will use the alternative and simpler method here[1], namely 49.0001.group.loop.00. For example, the Access router (loopback 100.68.2.4) in Group 2 would have a NET address of 49.0001.0002.0004.00.
Enable multi-topology for our dual stack network, set the modern wide metrics, and use a default metric of 100000 for both IPv4 and IPv6. Also, we change Cisco’s default of L1-L2 operation to be L2 only.
Here is the template to use. Replace X with the group number, and Y with the router number in the group.
router isis asX0
 net 49.0001.000X.000Y.00
 is-type level-2-only
 metric-style wide
 log-adjacency-changes all
 metric 100000
 !
 address-family ipv6
  multi-topology
  metric 100000
!
As we will be using neighbour authentication as discussed in the IS-IS presentation, first we create the authentication key-chain. We are using “isplab” as the key here. As usual, replace the “X” with your Group number.
key chain asX0-key
 key 1
  key-string isplab
!
The authentication is then added to the IS-IS process, which applies it to every interface enabled for IS-IS.
router isis asX0
 authentication mode md5 level-2
 authentication key-chain asX0-key level-2
!
We also need to announce the IPv4 and IPv6 Loopback interface addresses. The easiest way of doing this is to mark that interface as “passive” in IS-IS. This announces the interface addresses without running IS-IS on the interface.
router isis asX0
 passive-interface loopback0
!
We also configure IS-IS to set the overload-bit for as long as the router’s iBGP is not up and running. This ensures that there isn’t any connectivity breakage during the router boot up. (IS-IS will start up a lot more quickly than iBGP will, because iBGP is dependent on IS-IS for its next-hop reachability information. Only when iBGP is up and running will IS-IS remove the overload-bit and make the path through the router a valid path for IS-IS to use for next-hop reachability.)
router isis asX0
 set-overload-bit on-startup wait-for-bgp
 !
 address-family ipv6
  set-overload-bit on-startup wait-for-bgp
!
And finally the configured IS-IS process is now applied to all interfaces where we expect to find adjacencies. Note that we only enable IS-IS on interfaces connected to other routers inside our autonomous system. And we activate both IPv4 and IPv6 adjacencies.
The interface metric on all interfaces is set to “2”, done for both IPv4 and IPv6. Note that each Ethernet interface is declared to be point-to-point: even though they are broadcast interfaces, there are only two devices on each link, so we do not need the DIS election used on normal broadcast media.
Here is a configuration example for the core router:
interface GigabitEthernet 1
 description BackBone link to Border Router
 ip router isis asX0
 isis metric 2
 isis network point-to-point
 ipv6 router isis asX0
 isis ipv6 metric 2
!
interface GigabitEthernet 2
 description BackBone link to Peering Router
 ip router isis asX0
 isis metric 2
 isis network point-to-point
 ipv6 router isis asX0
 isis ipv6 metric 2
!
interface GigabitEthernet 3
 description BackBone link to Access Router
 ip router isis asX0
 isis metric 2
 isis network point-to-point
 ipv6 router isis asX0
 isis ipv6 metric 2
!
For the routers with connections outside the local autonomous system, we have to be very careful not to enable IS-IS on those external links. Nor do we need to carry those external link addresses in IS-IS. So do not enable IS-IS on an interface unless the router at the other end of that link is part of your own autonomous system.
Once IS-IS is working inside your autonomous system, check that you can reach all other routers inside your AS. The easiest way to test this is to ping the IPv4 and IPv6 loopback addresses from each router. Does it all work? If not, what could be wrong? Ask the instructors if you need assistance.
Note that your Customer will still be inaccessible apart from the Access router - this is what we expect, and we will fix this in the BGP lab coming up next.
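The rules from the steps above (level-2 authentication on the process, point-to-point and metric 2 on internal links, no IS-IS on external links) can be checked offline against a saved configuration. The script below is an added example, not part of the lab material; the function names, the `external` argument and the sample configuration are assumptions made for illustration.

```python
# Statement prefixes this lab puts under "router isis asX0" and on internal links.
REQUIRED_PROCESS = ["is-type level-2-only", "metric-style wide", "passive-interface loopback0",
                    "authentication mode md5 level-2", "authentication key-chain "]
REQUIRED_LINK = ["isis network point-to-point", "isis metric 2", "isis ipv6 metric 2"]

def sections(config):
    """Group IOS-style statements under their 'interface' / 'router isis' header."""
    out, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split()).lower()
        if line.startswith(("interface ", "router isis")):
            current = out.setdefault(line, [])  # repeated headers are merged
        elif current is not None and line not in ("", "!"):
            current.append(line)
    return out

def audit(config, external=()):
    """Return findings; 'external' lists the interfaces that leave the AS."""
    secs, findings = sections(config), []
    ext = {"interface " + " ".join(e.split()).lower() for e in external}
    proc = [l for h, s in secs.items() if h.startswith("router isis") for l in s]
    for want in REQUIRED_PROCESS:
        if not any(l.startswith(want) for l in proc):
            findings.append(f"router isis: missing '{want.strip()}'")
    for hdr, stmts in secs.items():
        isis_on = hdr.startswith("interface ") and any(
            l.startswith(("ip router isis", "ipv6 router isis")) for l in stmts)
        if isis_on and hdr in ext:
            findings.append(f"{hdr}: IS-IS enabled on an external link")
        elif isis_on:
            findings += [f"{hdr}: missing '{w}'" for w in REQUIRED_LINK if w not in stmts]
    return findings

# Constructed sample (not from the lab) containing deliberate mistakes.
SAMPLE = """
router isis as10
 is-type level-2-only
 metric-style wide
 passive-interface Loopback0
interface GigabitEthernet 1
 ip router isis as10
 isis metric 2
 isis ipv6 metric 2
interface GigabitEthernet 2
 ip router isis as10
"""
print("\n".join(audit(SAMPLE, external=["GigabitEthernet 2"])))
```

The script cannot tell which links are external from the configuration alone, so that list has to come from the topology diagram.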
[1] The alternative, commonly used, method builds the NET from the entire IPv4 loopback address. In this method, we take the address (e.g. 192.168.1.1), insert the leading zeroes (e.g. 192.168.001.001) and then move the “dots” to create a number with 4 character fields (e.g. 1921.6800.1001) and then use this as the major part of the NET address.
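Both ways of building a NET, the group/router form used in this lab and the loopback-derived form in the footnote, are shown below as an added example that is not part of the lab material. The function names are hypothetical, and using the 49.0001 prefix and the 00 selector for the loopback method is an assumption.

```python
import ipaddress
import re

def net_from_group(group, router, prefix="49.0001"):
    """Lab method: 49.0001.<group>.<router>.00, each number as a 4-digit field."""
    if not (0 <= group <= 9999 and 0 <= router <= 9999):
        raise ValueError("group and router must fit in four decimal digits")
    return f"{prefix}.{group:04d}.{router:04d}.00"

def net_from_loopback(loopback, area="49.0001"):
    """Footnote method: pad each IPv4 octet to 3 digits, regroup into 4-digit fields."""
    octets = str(ipaddress.IPv4Address(loopback)).split(".")  # rejects bad input
    digits = "".join(o.zfill(3) for o in octets)              # always 12 digits
    system_id = ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    return f"{area}.{system_id}.00"  # area prefix is an assumption, see lead-in

def split_net(net):
    """Split a NET into (area, system ID, NSEL): the last byte is the NSEL,
    the six bytes before it are the system ID, and the rest is the area."""
    hexstr = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}){8,20}", hexstr):
        raise ValueError(f"not a valid NET: {net!r}")
    area, sysid, nsel = hexstr[:-14], hexstr[-14:-2], hexstr[-2:]
    return area, ".".join(sysid[i:i + 4] for i in range(0, 12, 4)), nsel

if __name__ == "__main__":
    for net in (net_from_group(2, 4), net_from_loopback("192.168.1.1")):
        print(net, split_net(net))
```

Splitting the lab's NET shows that the router reads 49 as the area and 0001.000X.000Y as the system ID, so the group and router numbers are what make each system ID unique.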