IS-IS route filtering question

Grey · Guest

This is addressed to anyone who knows how to use route filtering in IS-IS.

The network diagram is:

Router _A ------------ Router_B ------------ Router_C

The adjacency between Router_A and Router_B is level-2; the adjacency
between Router_B and Router_C is level-1-2. Routers are connected by
point-to-point serial links.

Is it possible to implement route filtering of external routes redistributed
by Router_A in Router_B? The purpose of the exercise is to block certain
routes redistributed by Router_A from reaching Router_C.

Let's say there're two loopback IP addresses configured on Router_A:

loopback 0: 10.1.0.1 255.255.255.0
loopback 1: 10.1.1.1 255.255.255.0

Router_A redistributes these external networks:
router isis
redistribute connected metric-type internal metric 9 level-2

I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0

I know how configure Router_A for filtering out external routes
redistributed by Router_A, using the "redistribute" command, a route-map,
and an acess-list. However, using IOS 11.2, I can't implement the
"distribute-list" command on Router_B to disallow route 10.1.1.0 from
reaching Router_A. Can the "distribute-list command be used on Router_B for
this purpose? If you know how to use it, would you post it here? Also, could
you specify the version of your IOS?

Many thanks,

Grey

Ronnie Higginbotham · Guest

You could apply a route map on Router A and apply that to the connected
redistribution. But that would also block that route going to Router B. I
don't think you can do what you are wanting to do. ISIS is not like BGP.

I am still trying to figure out all the corks with ISIS myself. Not to may
books about redistribution with ISIS.

Ronnie

"Grey" <bbb@ccc.com> wrote in message
news:DpGcnSRoq7kvpduiXTWJhw@comcast.com...

Ronnie Higginbotham · Guest

I did a little reading. Try this and let me know if it works.

On router B try

router isis
redistribute isis ip level-2 into level-1 distribute-list <acl>

"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:qSy1b.3093$TC.2467@newssvr22.news.prodigy.com...

Grey · Guest

Ronnie,

Thanks for your response and the time you spent researching.

What you suggested is called "route leaking". On L1/L2 routers, level-2
routes received over level-2 adjacencies from Level-2-only routers normally
don't leak into their own level-1 LSPs sent to other routers. Level-1 routes
received over level-1 adjacencies by L1/L2 routers, on the other hand,
always leak into their level-2 LSPs that they send to other routers. That's
why a L1/L2 router sets the ATT bit to 1 in its level-1 LSP. This way a
Level-1 router can reach the backbone via the L1/L2 router by using the
default route. It's possible to configure a L1/L2 router to leak received
Level-2 routes into its Level-1 LSPs. The command you suggested is used for
that purpose . However, It's not going to work in my case for two reasons:

1. Router_C is a L1/L2 router, so even if I leak level-2 routes into level-1
LSP on Router_B, using the distribute list that blocks 10.1.1.0, Router_C
will still get both 10.1.1.0 and 10.1.0.0 through the Level-2 LSP from
Router_B (L1/L2 router).
2. The command you suggested was introduced only in the IOS version 12.0(T).
Route leaking was first available in the IOS version 12.0 (S), but the
command had a different syntax: advertise ip l2-into-l1 <extended_acl>.
Since I only have 8 mb of Flash in my routers, and the Enterprise feature
set is needed to run IS-IS, the most up-to-date IOS I can run is version
11.2, which doesn't have "route leaking" capabilities.

Are you studying for BSCI? If so, I'd like to know which books you are
using. I got a lot of good information on IS-IS from the CIM "IP Routing:
Link State Protocols" by Ciscopress. I admit I may be overdoing it a little
as far as the depth of the labs goes. I've completed labs that cover route
redistribution (both internal and external metric-types); route
summarization (external and internal); IS-IS route filtering, clns packet
filtering, IS-IS and CLNS adjacency filtering; domain, area and IS-IS
authentication, etc. The chapter on IS-IS from "Building Scalable Cisco
Internetworks" by Catherine Paquet and Diane Teare doesn't seem to go into
enough depth, though. Todd Lammle's chapter on IS-IS is laughable. The CIM I
mentioned above seems to complement BSCI course book very nicely.
Unfortunately, I have no idea how much IS-IS is on the test, so I may be
moving too slowly, but I'm learning a lot of stuff! The end goal is to work
with that stuff, so learning as much as possible now should pay off in the
future.

Grey

"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:lGz1b.3095$9T.1223@newssvr22.news.prodigy.com...

Ronnie Higginbotham · Guest

Sorry that didn't work. Unfortunately I haven't seen to many book on ISIS.

I have the ISIS Design guide my Abe Martey it is ok but not to many
examples. Just talks about the theory.

Jeff Doyle's Vol 1 of Routing TCP IP has a chapter in it also. I am going to
read it today. I also have the BSCI book.

I am studying for my CCIE lab, which is coming up in September. Hopefully I
will pass.

The book I used for my BSCI was the Building Scalable Cisco Internetworks
that you have.

Ronnie

Good Luck in your studies.

"Grey" <bbb@ccc.com> wrote in message
news:n4ednQATkrgZf9uiU-KYuA@comcast.com...

Grey · Guest

Ronnie,

Check out that CIM by Ciscopress, "IP Routing: Link State Protocols. It's
definitely worth the time and the money. It has two chapters on IS-IS, two
chapters on OSPF, a chapter on access lists, and then some Cisco routing
issues that I haven't seen in other books. IT has over 10 labs on OSPF and
over 10 labs on IS-IS. If you think you may need some IS-IS for your test,
it's worth spending time with.

Grey

"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:CAK1b.3148$el5.1893@newssvr22.news.prodigy.com...