IS-IS Support for an IS-IS Instance per VRF for IP

This feature provides multiple VRF-aware IS-IS instances. The VRF functionality allows Internet service providers (ISPs) to separate routing protocol information and propagate it to the appropriate routing table and network neighbors. Using one router with VRF functionality is more cost-effective than using separate routers to separate and forward the routing information.

Prerequisites for IS-IS Support for an IS-IS Instance per VRF for IP

  • It is presumed that you are running IS-IS on your network.

  • The VRF configuration is a prerequisite to associating an IS-IS instance with that specific VRF. However, the VRF configuration is independent of associating it with IS-IS or any other routing protocol. An IS-IS instance cannot be referred to as being VRF-aware until it has been associated with a particular VRF.

Restrictions for IS-IS Support for an IS-IS Instance per VRF for IP

Support for IS-IS VRF is provided only for IPv4.

When you configure the IS-IS Support for an IS-IS Instance per VRF for IP feature, you must comply with the following nine best-practice guidelines:

  • IS-IS instances running Connectionless Network Services (CLNS) must have the same system ID.

  • An IS-IS instance that is running CLNS or IPv6 cannot be associated with a VRF.

  • You can configure only one IS-IS instance to run both CLNS and IP.

  • IS-IS instances within the same VRF must have unique system IDs, although IS-IS instances located in separate VRFs can have the same system ID.

  • You can associate an IS-IS instance with only one VRF.

  • You can configure the passive-interface default command only on one IS-IS instance per VRF.

  • Redistribution is allowed only within the same VRF.

  • You can enable only one IS-IS instance per interface.

  • An interface can belong to an IS-IS instance only if it is associated with the same VRF.


Note

If you are using LDP, you cannot use the route-target command when configuring a VRF. The router will use BGP for Multiprotocol Label Switching (MPLS) labels.

Information About IS-IS Support for an IS-IS Instance per VRF for IP

VRF-Aware IS-IS

You can configure IS-IS to be VPN routing and forwarding (VRF)-aware. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table.

IS-IS Support for an IS-IS Instance per VRF for IP Feature Operation

ISPs have the capability to create multiple VRF-aware IS-IS instances that run on one router, rather than requiring duplicate hardware. IS-IS can be enabled to be VRF-aware, and ISPs can use multiple VRF-aware IS-IS instances to separate customer data while propagating the information to appropriate service providers.

For example, an ISP can create three VRFs--VRF First, VRF Second, and VRF Third--to represent three separate customers. A VRF-aware IS-IS instance is created and associated with each VRF: tagFIRST, tagSECOND, and tagTHIRD. Each instance will have its own routing process, IS-IS database, and routing table, and will calculate its own shortest path first (SPF) tree.

How to Configure IS-IS Support for an IS-IS Instance per VRF for IP

Creating a VRF

Before you begin

  • It is presumed that you have IS-IS running on your network.

  • If CEF is not enabled by default on your platform, you will need to enable CEF in order to associate interfaces with VRF-aware IS-IS instances.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip cef [distributed ]
  4. ip vrf vrf-name
  5. rd route-distinguisher

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip cef [distributed ]

Example:


Device(config)# ip cef distributed

Enables CEF on the Route Processor card.

  • If CEF is not enabled by default on your particular platform, you must configure it with the ip cef command.

Step 4

ip vrf vrf-name

Example:


Device(config)# ip vrf first

Configures a VRF routing table, and enters VRF configuration mode.

Step 5

rd route-distinguisher

Example:


Device(config-vrf)# rd 1:1

Creates routing and forwarding tables for a VRF.

Attaching an Interface to the VRF

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface type number
  4. ip vrf forwarding vrf-name
  5. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

interface type number

Example:


Device(config)# interface GigabitEthernet 0/0

Configures an interface type and enters interface configuration mode.

Step 4

ip vrf forwarding vrf-name

Example:


Device(config-if)# ip vrf forwarding vrffirst

Associates a VPN routing and forwarding instance (VRF) with an interface or subinterface.

Step 5

end

Example:


Device(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Creating VRF-Aware IS-IS Instances

Prerequisites

Before you create VRF-aware IS-IS instances, you need to enable IP routing on the router.


Note

Only one instance within the VRF can be configured as the passive interface default.

Creating a VRF-Aware IS-IS Instance in Interface Configuration Mode

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface type number
  4. ip address ip-address mask [secondary ]
  5. ip router isis process-tag
  6. no shutdown
  7. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface type number

Example:

Device(config)# interface GigabitEthernet 0/2/0

Configures an interface type and enters interface configuration mode.

Step 4

ip address ip-address mask [secondary ]

Example:

Device(config-if)# ip address 172.16.11.1 255.255.255.255

Sets a primary or secondary IP address for an interface.

Step 5

ip router isis process-tag

Example:

Device(config-if)# ip router isis tagfirst

Configures an IS-IS routing process for IP on an interface and attaches a tag to the routing process.

Note

 

The configuration of the interface-mode ip router isis command will overwrite the prior configuration on that interface, but only if the new configuration is attempting to change the interface ownership to a different instance that is in the same VRF as the currently configured owner instance. The configuration will be rejected if the attempted change is between two instances that are associated with different VRFs.

Step 6

no shutdown

Example:

Device(config-if)# no shutdown

Restarts a disabled interface.

Step 7

end

Example:

Device(config-if)# end

Exits interface configuration mode.

Creating a VRF-Aware IS-IS Instance in Router Configuration Mode

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router isis process-tag
  4. vrf vrf-name
  5. net network-entity-title
  6. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router isis process-tag

Example:

Device(config-if)# router isis tagFirst

Enables the IS-IS routing protocol, specifies an IS-IS process, and enters router configuration mode.

  • It is presumed that the VRF named First was previously created.

Step 4

vrf vrf-name

Example:

Device(config-router)# vrf first

Associates an IS-IS instance with a VRF.

Step 5

net network-entity-title

Example:

Device(config-router)# net 49.000b.0000.0001.0002.00

Configures an IS-IS NET for a CLNS routing process.

Step 6

end

Example:

Device(config-router)# end

Exits router configuration mode.

Configuration Examples for IS-IS Support for an IS-IS Instance per VRF for IP

Example Configuring Multiple VRF-Aware IS-IS Instances

In the following example, the VRF Second is created and an IS-IS instance is created explicitly by entering the router isis command on the router: 


Device(config)# ip cef distributed
Device(config)# ip routing
Device(config)# ip vrf Second
Device(config-vrf)# rd 1:1
Device(config-if)# router isis tagSecond
Device(config-router)# vrf Second
Device(config-router)# net 49.000b.0000.0001.0002.00

The VRF Third is created and a VRF-aware IS-IS instance is automatically created when the ip router isis command is entered: 


Device(config)# ip vrf Third
Device(config-vrf)# rd 1:1
Device(config-if)# interface GigabitEthernet0/2/0
Device(config-if)# ip vrf forwarding Third
Device(config-if)# ip address 172.16.10.1 255.255.255.0
Device(config-if)# ip router isis tagThird
Device(config-if)# no shutdown

A new IS-IS instance with the process tag tagThird will automatically be created and associated with the VRF Third. When the show running-config command is entered, the following information for the new IS-IS instance will be displayed: 


Device# show running-config
Building configuration...
.
.
.
router isis tagThird
 vrf Third
Device(config)# router isis tagThird
Device(config-router)# net 49.000b.0000.0001.0001.00

The following sample output verifies information for the VRF-aware IS-IS instances that were created in the previous examples: 


Device# show isis tagThird topology
Tag tagThird:
IS-IS paths to level-2 routers
System Id             Metric  Next-Hop                 Interface   SNPA
router-02             10      router-02                GE4/3/0     0010.0ddc.e00b
router-03             10      router-03                GE0/2/0     0006.0e03.0c45
router-04             10      router-04                GE4/0/0     000a.f3c3.1c70
.                             router-04                GE4/1/0     000a.f3c3.1c71
.
.
.
Device# show clns tagSecond neighbors
Tag tagSecond:
System Id      Interface   SNPA                State  Holdtime  Type Protocol
router-03      GE0/2/0     00d0.2b7f.9502      Up     9         L2   IS-IS
router-03      PO2/2/0     DLCI 211            Up     27        L2   IS-IS
router-02      PO2/0/0     DLCI 131            Up     29        L2   IS-IS
router-11      GE0/4/0     000e.d79d.7920      Up     7         L2   IS-IS
router-11      GE0/5/0     000e.d79d.7921      Up     8         L2   IS-IS
router-11      PO3/2/0     DLCI 451            Up     24        L2   IS-IS
.
.
.
Device# show isis tagThird database level-2
Tag tagThird:
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
router-01.00-00       0x0000000A    0x5E73       914               0/0/0
router-01.03-00       0x00000001    0x8E41       894               0/0/0
router-01.04-00       0x00000001    0x8747       894               0/0/0
router-03.00-00     * 0x00000005    0x55AD       727               0/0/0
router-03.02-00     * 0x00000001    0x3B97       727               0/0/0
router-02.00-00       0x00000004    0xC1FB       993               0/0/0
router-02.01-00       0x00000001    0x448D       814               0/0/0
router-04.00-00       0x00000004    0x76D0       892               0/0/0
Device# show isis tagThird database level-1
Tag tagThird:
IS-IS Level-1 Link State Database:
LSPID                  LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
router-03.00-00      * 0x0000000B   0xBDF6        1005              1/0/0
router-03.02-00      * 0x00000001   0xC473        940               0/0/0
router-07.00-00        0x00000006   0x403A        940               0/0/0
Device# show clns tagSecond protocol
IS-IS Router: tagSecond
  System Id: 0000.0001.0002.00  IS-Type: level-2-only
  Manual area address(es): 
        49.000b
  Routing for area address(es): 
        49.000b
  Interfaces supported by IS-IS:
        GigabitEthernet4/1/0 - IP
        GigabitEthernet4/0/0 - IP
        GigabitEthernet4/3/0 - IP
  Redistributing: 
    static
  Distance: 110
  RRR level: none
  Generate narrow metrics: level-1-2
  Accept narrow metrics:   level-1-2
  Generate wide metrics:   none
  Accept wide metrics:     none
Device# show clns tagThird protocol
IS-IS Router: tagThird
  System Id: 0000.0001.0001.00  IS-Type: level-1-2
  Manual area address(es): 
        49.000b
  Routing for area address(es): 
        49.000b
  Interfaces supported by IS-IS:
        POS2/2/0 - IP
        GigabitEthernet0/2/0 - IP
        GigabitEthernet0/4/0 - IP
        POS2/0/0 - IP
        GigabitEthernet0/5/0 - IP
        POS3/2/0 - IP
  Redistributing: 
    static
  Distance: 110
  RRR level: none
  Generate narrow metrics: none
  Accept narrow metrics:   none
  Generate wide metrics:   level-1-2
  Accept wide metrics:     level-1-2

Example Creating an IS-IS Instance Without a Process Tag

In the following example, an IS-IS instance was created without the optional process tag. When an IS-IS instance is created without the optional process tag, you can display its information by entering the commands such as show clns protocol with "null" specified for the process-tag argument. 


Device(config)# router isis
Device(config-router)# vrf first
Device(config-router)# net 49.000b.0000.0001.ffff.00
Device(config-router)# is-type level-1
Device(config)# interface POS 6/1/0
Device(config-if)# ip vrf forwarding first
Device(config-if)# ip address 172.16.2.1 255.255.255.0
Device(config-if)# ip router isis
Device(config-if)# no shutdown

Because the IS-IS instance is created without the optional process tag, its information is displayed when the show clns protocol command is entered with "null" specified for the process-tag argument : 


Device# show clns null protocol
IS-IS Router: <Null Tag>
  System Id: 0000.0001.FFFF.00  IS-Type: level-1
  Manual area address(es): 
        49.000b
  Routing for area address(es): 
        49.000b
  Interfaces supported by IS-IS:
        POS6/1/0 - IP
  Redistributing: 
    static
  Distance: 110
  RRR level: none
  Generate narrow metrics: level-1-2
  Accept narrow metrics:   level-1-2
  Generate wide metrics:   none
  Accept wide metrics:     none

Example Redistributing Routes from an IS-IS Instance

In the following sample configuration, routes have been redistributed from the IS-IS instance "null" into the IS-IS instance named tagBLUE. Routes from an OSPF process in VRF Blue have been redistributed into the IS-IS instance named tagBLUE. 


Device(config)# router isis tagBLUE
Device(config-router)# redistribute isis null ip metric 10 route-map isisMAP1
Device(config-router)# redistribute ospf 1 vrf BLUE metric 1 metric-type external
 level-1-2
.
.
.
Device(config)# route-map isisMAP1 permit 10
Device(config-route-map)# match route-type level-2 level-1
Device(config-route-map)# set level level-2

Example Changing the Interface Ownership

In the following sample configuration, POS interface 6/1/0 was originally enabled for IS-IS IP routing for a "null" instance that does not have a process tag, which is in vrfSecond. The new configuration changes the ownership of POS interface 6/1/0 to another instance tagSecond, which is also in vrfSecond.


Note

Note that use of the ip router isis command in interface configuration mode will overwrite the prior configuration on that interface, but only if the new configuration is attempting to change the interface ownership to a different instance that is in the same VRF as the currently configured owner instance. The configuration will be rejected if the attempted change is between two instances that are associated with different VRFs. 


Device(config)# interface POS 6/1/0
Device(config-if)# ip router isis tagSecond
%ISIS: Interface detached from null and to be attached to instance tagBLUE.

Additional References

Related Documents

Related Topic

Document Title

IS-IS commands: complete command syntax, command mode, defaults, command history, usage guidelines, and examples

Cisco IOS IP Routing: ISIS Command Reference

Overview of Cisco IS-IS conceptual information with links to all the individual IS-IS modules

"Integrated IS-IS Routing Protocol Overview" module

ISO CLNS commands

Cisco IOS ISO CLNS Command Reference

Cisco IOS master command list, all releases

Cisco IOS Master Command List, All Releases

Standards

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

MIBs

MIBs

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFCs

Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

--

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IS-IS Support for an IS-IS Instance per VRF for IP

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.