IS-IS Support for an IS-IS Instance per VRF for IP

This module introduces support for multiple VPN routing and forwarding (VRF)-aware Intermediate System-to-Intermediate System (IS-IS) instances. The VRF functionality allows Internet service providers (ISPs) to separate routing protocol information and propagate it to the appropriate routing table and network neighbors. Using one router with VRF functionality is more cost-effective than using separate routers to separate and forward the routing information.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for IS-IS Support for an IS-IS Instance per VRF for IP

  • You must be running IS-IS on your network.

  • The VRF configuration is a prerequisite to associating an IS-IS instance with that specific VRF. However, the VRF configuration is independent of associating it with IS-IS or any other routing protocol. An IS-IS instance cannot be referred to as being VRF-aware until it has been associated with a particular VRF.

Restrictions for IS-IS Support for an IS-IS Instance per VRF for IP

IS-IS VRF support is supported only for IPv4.

When you configure the IS-IS Support for an IS-IS Instance per VRF for IP feature, you must comply with the following nine best practices guidelines:

  • IS-IS instances running Connectionless Network Services (CLNS) must have the same system ID.

  • An IS-IS instance that is running CLNS or IPv6 cannot be associated with a VRF.

  • You can configure only one IS-IS instance to run both CLNS and IP.

  • IS-IS instances within the same VRF must have unique system IDs, although IS-IS instances located in separate VRFs can have the same system ID.

  • You can associate an IS-IS instance with only one VRF.

  • You can configure the passive-interface default command only on one IS-IS instance per VRF.

  • Redistribution is allowed only within the same VRF.

  • You can enable only one IS-IS instance per interface.

  • An interface can belong to an IS-IS instance only if they are associated with the same VRF.


Note

If you are using LDP, you cannot use the route-target command when configuring a VRF. The router will use BGP for Multiprotocol Label Switching (MPLS) labels.

Information About IS-IS Support for an IS-IS Instance per VRF for IP

VRF-Aware IS-IS

You can configure IS-IS to be VRF-aware. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table.

IS-IS Support for an IS-IS Instance per VRF for IP Feature Operation

ISPs have the capability to create multiple VRF-aware IS-IS instances that run on one router, rather than requiring duplicate hardware. IS-IS can be enabled to be VRF-aware, and ISPs can use multiple VRF-aware IS-IS instances to separate customer data while propagating the information to appropriate service providers.

For example, an ISP can create three VRFs--VRF First, VRF Second, and VRF Third--to represent three separate customers. A VRF-aware IS-IS instance is created and associated with each VRF: tagFIRST, tagSECOND, and tagTHIRD. Each instance will have its own routing process, IS-IS database, and routing table, and will calculate its own shortest path first (SPF) tree.

How to Configure IS-IS Support for an IS-IS Instance per VRF for IP

Creating a VRF

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip cef [distributed ]
  4. ip vrf vrf-name
  5. rd route-distinguisher
  6. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip cef [distributed ]

Example:


Device(config)# ip cef distributed

(Optional) Enables CEF on the Route Processor card.

  • If CEF is not enabled by default on your particular platform, you must configure it with the ip cef command.

Step 4

ip vrf vrf-name

Example:


Device(config)# ip vrf vrfFirst

Configures a VRF routing table, and enters VRF configuration mode.

Step 5

rd route-distinguisher

Example:


Device(config-vrf)# rd 1:1

Creates routing and forwarding tables for a VRF.

Step 6

end

Example:


Device(config-vrf)# end

Exits VRF configuration mode and returns to privileged EXEC mode.

Attaching an Interface to the VRF

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface type number
  4. ip vrf forwarding vrf-name
  5. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

interface type number

Example:


Device(config)# interface Gigabitethernet 0/0

Configures an interface type and enters interface configuration mode.

Step 4

ip vrf forwarding vrf-name

Example:


Device(config-if)# ip vrf forwarding vrfFirst

Associates a VPN routing and forwarding instance (VRF) with an interface or subinterface.

Step 5

end

Example:


Device(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Creating VRF Aware IS-IS Instances

Before You Begin

  • You must have IS-IS running on your network.

  • If CEF is not enabled by default on your platform, enable CEF to associate interfaces with VRF-aware IS-IS instances.

Creating a VRF-Aware IS-IS Instance in Interface Configuration Mode

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface type number
  4. ip address ip-address mask [secondary ]
  5. ip router isis process-tag
  6. no shutdown
  7. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface type number

Example:

Device(config)# interface FastEthernet 0/2

Configures an interface type and enters interface configuration mode.

Step 4

ip address ip-address mask [secondary ]

Example:

Router(config-if)# ip address 172.16.11.1 255.255.255.255

Sets a primary or secondary IP address for an interface.

Step 5

ip router isis process-tag

Example:

Device(config-if)# ip router isis vrfFirst

Configures an IS-IS routing process for IP on an interface and attaches a tag to the routing process.

Note 

The configuration of the interface-mode ip router isis command will overwrite the prior configuration on that interface, but only if the new configuration is attempting to change the interface ownership to a different instance that is in the same VRF as the currently configured owner instance. The configuration will be rejected if the attempted change is between two instances that are associated with different VRFs.

Step 6

no shutdown

Example:

Device(config-if)# no shutdown

Restarts a disabled interface.

Step 7

end

Example:

Device(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Creating a VRF-Aware IS-IS Instance in Router Configuration Mode

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router isis process-tag
  4. vrf vrf-name
  5. net network-entity-title
  6. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router isis process-tag

Example:

Device(config)# router isis tagFirst

Enables the IS-IS routing protocol, specifies an IS-IS process, and enters router configuration mode.

Step 4

vrf vrf-name

Example:

Device(config-router)# vrf vrfFirst

Associates an IS-IS instance with a VRF.

  • It is presumed that the VRF named vrfFirst was previously created.

Step 5

net network-entity-title

Example:

Device(config-router)# net 49.000b.0000.0001.0002.00

Configures an IS-IS NET for a CLNS routing process.

Step 6

end

Example:

Device(config-router)# end

Exits router configuration mode.

Configuration Examples for IS-IS Support for an IS-IS Instance per VRF for IP

Example: Configuring Multiple VRF-Aware IS-IS Instances

In the following example, the VRF Second is created and an IS-IS instance is created explicitly by entering the router isis command on the router: 


Router(config)# ip cef distributed
Router(config)# ip routing
Router(config)# ip vrf Second
Router(config-vrf)# rd 1:1
Router(config-if)# router isis tagSecond
Router(config-router)# vrf Second
Router(config-router)# net 49.000b.0000.0001.0002.00

The VRF Third is created and a VRF-aware IS-IS instance is automatically created when the ip router isis command is entered: 


Router(config)# ip vrf Third
Router(config-vrf)# rd 1:1
Router(config-if)# interface FastEthernet0/2
Router(config-if)# ip vrf forwarding Third
Router(config-if)# ip address 172.16.10.1 255.255.255.0
Router(config-if)# ip router isis tagThird
Router(config-if)# no shutdown

A new IS-IS instance with the process tag tagThird will automatically be created and associated with the VRF Third. When the show running-config command is entered, the following information for the new IS-IS instance will be displayed: 


Router# show running-config
Building configuration
.
.
.
router isis tagThird
 vrf Third
Router(config)# router isis tagThird
Router(config-router)# net 49.000b.0000.0001.0001.00

The following sample output verifies information for the VRF-aware IS-IS instances that were created in the previous examples: 


Router# show isis tagThird topology
Tag tagThird:
IS-IS paths to level-2 routers
System Id             Metric  Next-Hop                 Interface   SNPA
router-02             10      router-02                Fa4/3       0010.0ddc.e00b
router-03             10      router-03                Et0/2       0006.0e03.0c45
router-04             10      router-04                Fa4/0       000a.f3c3.1c70
.                             router-04                Fa4/1       000a.f3c3.1c71
.
.

Router# show clns tagSecond neighbors
Tag tagSecond:
System Id      Interface   SNPA                State  Holdtime  Type Protocol
router-03      Fa0/2       00d0.2b7f.9502      Up     9         L2   IS-IS
router-03      PO2/2.1     DLCI 211            Up     27        L2   IS-IS
router-02      PO2/0.1     DLCI 131            Up     29        L2   IS-IS
router-11      Fa0/4       000e.d79d.7920      Up     7         L2   IS-IS
router-11      Fa0/5       000e.d79d.7921      Up     8         L2   IS-IS
router-11      PO3/2.1     DLCI 451            Up     24        L2   IS-IS
.
.
.

Router# show isis tagThird database level-2
Tag tagThird:
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
router-01.00-00       0x0000000A    0x5E73       914               0/0/0
router-01.03-00       0x00000001    0x8E41       894               0/0/0
router-01.04-00       0x00000001    0x8747       894               0/0/0
router-03.00-00     * 0x00000005    0x55AD       727               0/0/0
router-03.02-00     * 0x00000001    0x3B97       727               0/0/0
router-02.00-00       0x00000004    0xC1FB       993               0/0/0
router-02.01-00       0x00000001    0x448D       814               0/0/0
router-04.00-00       0x00000004    0x76D0       892               0/0/0
Router# show isis tagThird database level-1
Tag tagThird:
IS-IS Level-1 Link State Database:
LSPID                  LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
router-03.00-00      * 0x0000000B   0xBDF6        1005              1/0/0
router-03.02-00      * 0x00000001   0xC473        940               0/0/0
router-07.00-00        0x00000006   0x403A        940               0/0/0
Router# show clns tagSecond protocol
IS-IS Router: tagSecond
  System Id: 0000.0001.0002.00  IS-Type: level-2-only
  Manual area address(es): 
        49.000b
  Routing for area address(es): 
        49.000b
  Interfaces supported by IS-IS:
        FastEthernet4/1 - IP
        FastEthernet4/0 - IP
        Ethernet0/2 - IP
        FastEthernet4/3 - IP
  Redistributing: 
    static
  Distance: 110
  RRR level: none
  Generate narrow metrics: level-1-2
  Accept narrow metrics:   level-1-2
  Generate wide metrics:   none
  Accept wide metrics:     none
Router# show clns tagThird protocol
IS-IS Router: tagThird
  System Id: 0000.0001.0001.00  IS-Type: level-1-2
  Manual area address(es): 
        49.000b
  Routing for area address(es): 
        49.000b
  Interfaces supported by IS-IS:
        POS2/2.1 - IP
        FastEthernet0/2 - IP
        FastEthernet0/4 - IP
        POS2/0.1 - IP
        FastEthernet0/5 - IP
        POS3/2.1 - IP
  Redistributing: 
    static
  Distance: 110
  RRR level: none
  Generate narrow metrics: none
  Accept narrow metrics:   none
  Generate wide metrics:   level-1-2
  Accept wide metrics:     level-1-2

Example: Creating an IS-IS Instance Without a Process Tag

In the following example, an IS-IS instance was created without the optional process tag. When an IS-IS instance is created without the optional process tag, you can display its information by entering the commands such as show clns protocol with "null" specified for the process-tag argument. 


Router(config)# router isis
Router(config-router)# vrf first
Router(config-router)# net 49.000b.0000.0001.ffff.00
Router(config-router)# is-type level-1
Router(config)# interface POS 6/1
Router(config-if)# ip vrf forwarding first
Router(config-if)# ip address 172.16.2.1 255.255.255.0
Router(config-if)# ip router isis
Router(config-if)# no shutdown

Because the IS-IS instance is created without the optional process tag, its information is displayed when the show clns protocol command is entered with with "null" specified for the process-tag argument: 


Router# show clns null protocol
IS-IS Router: <Null Tag>
  System Id: 0000.0001.FFFF.00  IS-Type: level-1
  Manual area address(es): 
        49.000b
  Routing for area address(es): 
        49.000b
  Interfaces supported by IS-IS:
        POS6/1 - IP
  Redistributing: 
    static
  Distance: 110
  RRR level: none
  Generate narrow metrics: level-1-2
  Accept narrow metrics:   level-1-2
  Generate wide metrics:   none
  Accept wide metrics:     none

Example: Redistributing Routes from an IS-IS Instance

In the following sample configuration, routes have been redistributed from the IS-IS instance "null" into the IS-IS instance named tagBLUE. Routes from an OSPF process in VRF Blue have been redistributed into the IS-IS instance named tagBLUE.

In order to redistribute between two different IS-IS instances they must be configured in the same VRF context. 


Router(config)# router isis tagBLUE
Router(config-router)# redistribute isis null ip metric 10 route-map isisMAP1
Router(config-router)# redistribute ospf 1 vrf BLUE metric 1 metric-type external level-1-2
.
.
.
Router(config)# route-map isisMAP1 permit 10
Router(config-route-map)# match route-type level-2 level-1
Router(config-route-map)# set level level-2

Example: Changing the Interface Ownership

In the following sample configuration, POS interface 6/1 was originally enabled for IS-IS IP routing for a "null" instance that does not have a process tag, which is in vrfSecond. The new configuration changes the ownership of POS interface 6/1 to another instance tagSecond, which is also in vrfSecond.


Note

Use of the ip router isis command in interface configuration mode will overwrite the prior configuration on that interface, but only if the new configuration is attempting to change the interface ownership to a different instance that is in the same VRF as the currently configured owner instance. The configuration will be rejected if the attempted change is between two instances that are associated with different VRFs. 


Router(config)# interface POS 6/1
Router(config-if)# ip router isis tagSecond
%ISIS: Interface detached from null and to be attached to instance tagSecond.

Additional References

Related Documents

Related Topic

Document Title

IS-IS commands: complete command syntax, command mode, defaults, command history, usage guidelines, and examples

Cisco IOS IP Routing: ISIS Command Reference

Overview of Cisco IS-IS conceptual information with links to all the individual IS-IS modules

"Integrated IS-IS Routing Protocol Overview" module

ISO CLNS commands

Cisco IOS ISO CLNS Command Reference

Command Lookup Tool

http://tools.cisco.com/Support/CLILookup

Standards

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

MIBs

MIBs

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFCs

Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

--

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IS-IS Support for an IS-IS Instance per VRF for IP

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for IS-IS Support for an IS-IS Instance per VRF for IP

Feature Name

Releases

Feature Information

IS-IS Support for an IS-IS Instance per VRF for IP

12.0(29)S

12.2(33)SRB

15.0(1)M

15.0(1)SY

This feature provides multiple VPN routing and forwarding (VRF)-aware Intermediate System-to-Intermediate System (IS-IS) instances. The VRF functionality allows Internet service providers (ISPs) to separate routing protocol information and propagate it to the appropriate routing table and network neighbors. Using one router with VRF functionality is more cost-effective than using separate routers to separate and forward the routing information.

The following commands were introduced or modified: show clns neighbors , show clns protocol , show isis database , show isis topology , and vrf (router configuration) .